TPG Telecom Data Breach: How One Hack Exposed 300,000 Customers

The Australian telecommunications provider TPG Telecom has reported a serious security incident affecting the infrastructure of its subsidiary brand iiNet, which offers Australians fixed-line and mobile internet, telephony, and television services.

An unidentified attacker gained access to the provider’s order management system by leveraging legitimate credentials. This system, responsible for processing and tracking service orders, became the source from which customer information was exfiltrated.

According to the company, the breach resulted in the compromise of approximately 280,000 active iiNet email addresses and around 20,000 fixed-line numbers. In addition, the attacker obtained data from 10,000 customer accounts, including usernames, phone numbers, and postal addresses. Roughly 1,700 modem configuration passwords were also exposed. The dataset further contained outdated contact details no longer in use.

TPG emphasized that the system does not store copies of identity documents, payment card information, or any other financial data. Current investigations indicate no evidence that the breach extended beyond the order management platform. Nevertheless, the company decided to notify not only those directly affected but all iiNet customers, to assure them that their accounts remained uncompromised.

The operator issued an apology for the incident and confirmed that relevant government authorities had been informed. A formal investigation is underway to determine the precise circumstances of the intrusion and to prevent such events from recurring.