Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Broadband provider iiNet says its order management system was compromised by an “unknown third party”.
Australian internet service provider iiNet has disclosed that it was recently the victim of a cyber attack that has impacted the personal data of hundreds of thousands of its customers.
“iiNet has been impacted by a cyber incident involving unauthorised access to its order management system by an unknown third party,” iiNet, which is owned by TPG Telecom, said in a 19 August statement on its website.
“The iiNet ordering system is used to create and track orders for iiNet services, such as NBN connections. The system contains limited personal information. Importantly, it does not contain copies or details of customer identity document details (such as passport or driver’s licences), credit card or banking information.”
iiNet became aware of the intrusion into its order management system on 16 August and immediately spun up its incident response plan and began an investigation with the assistance of third-party cyber security experts. Based on initial investigations, TPG believes the hackers gained access using the stolen credentials of a single employee. TPG told Cyber Daily that it does not believe the incident was a ransomware attack.
The ISP is in the process of contacting customers impacted by the incident and is aware of a rough idea of the numbers impacted.
“Based on the current evidence from our forensic experts, it appears a list of email addresses and phone numbers was extracted from the iiNet system. The list contained around 280,000 active iiNet email addresses and around 20,000 active iiNet landline phone numbers, plus inactive email addresses and numbers,” iiNet said.
“In addition, around 10,000 iiNet usernames, street addresses and phone numbers and around 1,700 modem set-up passwords, appear to have been accessed.”
iiNet is working with the Australian Cyber Security Centre, the National Office of Cyber Security, the Office of the Australian Information Commissioner, and other authorities in the wake of the incident.
Speaking to The Australian, TPG Telecom boss Iñaki Berroeta said the company apologises “unreservedly” to its customers.
“We are continuing our investigations to ensure we understand all details surrounding this incident,” Berroeta said.
“We will begin contacting customers to make them aware of the incident, apologise and provide details on the support available.”
Rich Atkinson, executive director, technology at Australian software firm Airteam, said that seeing stolen credentials used in yet another cyber attack targeting an Australian organisation was symptomatic of a wider problem.
“TPG, Telstra, and Tangerine Telecom have all suffered credential-based breaches, proving this attack vector continues to succeed despite industry awareness,” Atkinson said.
“When the same credential-based attack method works repeatedly against major telecommunications providers, we’re not dealing with sophisticated new threats but fundamental authentication weaknesses. Australian enterprises are failing to implement systems that assume credentials will be compromised and protect accordingly.”
No threat actor has claimed responsibility for the hack at this point in time.
UPDATED 19/08/25 to add Airteam commentary.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
