Aussie ISP Provider iiNet Says Hackers Stole 280,000 Emails and Customer Info in Data Breach

Australian telecom operator TPG Telecom has confirmed a data breach affecting its iiNet brand, with hackers gaining access to an order management system using stolen employee credentials. The incident, discovered on August 16, follows a 2022 breach of TPG’s Hosted Exchange email service, which impacted business customers and targeted cryptocurrency-related emails.

Who Was Affected

The latest breach mainly affects iiNet customers. According to the company, exposed data includes:

• 280,000 active email addresses
• 20,000 active landline numbers
• 10,000 usernames, street addresses, and phone numbers
• 1,700 modem setup passwords

iiNet clarified that no banking, payment, or government-issued ID data (such as driver’s licenses or passports) were exposed.

“iiNet has been impacted by a cyber incident involving unauthorised access to its order management system by an unknown third party,” the ISP provider said in a notice.

“The iiNet ordering system is used to create and track orders for iiNet services, such as NBN connections. The system contains limited personal information. Importantly, it does not contain copies or details of customer identity document details (such as passport or driver’s licences), credit card or banking information.”

The company said it immediately activated its incident response plan, revoked compromised credentials, and engaged external cybersecurity experts. The company is working with the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.

What This Means for Customers

Although no financial or ID documents were leaked, malicious actors could still use the compromised data to conduct targeted phishing attacks or identity fraud, or gain access to home networks via stolen modem passwords.

The data may also be sold on Dark Web marketplaces for use in fraud or scams.

If you are an iiNet customer, we highly recommend:

• Changing your iiNet email and modem passwords
• Staying vigilant against suspicious emails, texts, or calls referencing your iiNet account
• Enabling multi-factor authentication (MFA) wherever possible
• Using a breach monitoring service like Bitdefender Digital Identity Protection to track if your information appears online in data leaks and breaches
• Check links before clicking with Bitdefender Link Checker for free
• Stay alert for scams with Bitdefender Scamio, our free AI-powered scam detection chatbot