Cyberattack Exposes Details of Thousands of iinet Customers

August 2023 - Australia's second-largest internet provider, iiNet, has been hit by a massive cyberattack that exposed the email addresses and phone numbers of hundreds of thousands of customers. The breach was confirmed on Saturday, but TPG, the parent company of iiNet, did not notify its customers or shareholders until Tuesday morning.

According to TPG, the breach occurred when an unknown third party gained access to the company's system after stealing account credentials from an employee. This allowed the hacker to extract a list of about 280,000 active email addresses and roughly 20,000 active landline phone numbers from iiNet's order management system.

Additionally, the hacker is believed to have accessed information on approximately 10,000-odd iiNet user names, street addresses, and phone numbers, as well as about 1,700 modem set-up passwords. TPG has assured customers that no credit cards, banking details, or customer ID documents such as passports or driver's licenses were exposed in the breach.

TPG says it will be contacting all affected customers to inform them of the breach and provide assistance, as well as reaching out to non-impacted customers to confirm they have not been affected. The company has also hired external IT and cybersecurity experts to assist with its response and is working closely with Australian authorities.

"We unreservedly apologise to our iiNet customers impacted by this incident," said TPG in a statement. "We will be taking immediate steps to contact impacted customers, advise them on actions they should take, and offer our assistance." The company has also set up a dedicated hotline for concerned customers.

iiNet customers have been warned to remain vigilant to any suspicious communications received via email, text, or phone call. While there is currently no evidence to suggest an impact on other customers or systems, the breach serves as a reminder of the importance of cybersecurity and data protection.