iiNet data breach exposes 280,000 customers

TPG-owned internet provider iiNet has been the victim of a data breach that has exposed the personal data of as many as 280,000 customers.

In a statement, the provider said that it was "impacted by an incident involving unauthorised access to its order management system by an unknown third party."

At the time of writing, iiNet believes that this unknown party managed to obtain the email addresses of over 280,000 active customers, the landline numbers of 20,000 customers and 1700 modem setup passwords.

Another 10,000 usernames, street addresses and phone numbers were also accessed, as well as an undisclosed number of inactive email addresses and numbers.

iiNet said that early investigations named the stolen credentials of an employee as a likely attack vector and insisted that no credit, banking or financial information had been compromised.

TPG Telecom chief executive officer Inaki Berroeta also issued a formal apology to iiNet customers and pledged to share more information about the cyber incident as it became available.

In the aftermath of this data breach, iiNet has said it will be making contact with impacted customers to offer support. However, it also urged all customers to be vigilant around suspicious communications and recommended resetting any passwords that their iiNet account might share with other online services. 

The provider has also set up a dedicated hotline (1300 861 036), which will take calls from concerned customers from 8.30am to 8pm on weekdays and between 9am and 5pm on weekends.

Consumer advocacy group Australian Communications Consumer Action Network (ACCAN) CEO Carol Bennett praised iiNet for its fast response but warned customers to be wary regardless.

“iiNet customers are the latest to be targeted by online criminals. This incident must prompt all businesses to review how they protect customer data, and to ensure that privacy and security practices are robust enough to prevent this sort of event from happening again."