Skip to content
News

iiNet confirms a cyber attack, revealing customer contact information leaked

Unauthorized access to iiNet's order management system led to the exposure of customer contact details for a vast number of users. The incident, discovered on August 16, 2025, affected the Perth-based internet service provider, a subsidiary of TPG Telecom group. The breached system was...

 and  Administrator
2 min read
Cyberattack on iiNet Reveals Customer Contact Information
Cyberattack on iiNet Reveals Customer Contact Information

iiNet confirms a cyber attack, revealing customer contact information leaked

In a recent development, the Australian internet service provider iiNet has reported an eligible data breach, as confirmed by the Australian Cyber Security Centre (ACSC). The Notifiable Data Breaches (NDB) scheme, which applies to iiNet, requires organizations to notify individuals and the Office of the Australian Information Commissioner (OAIC) of such breaches.

The breach at iiNet involved the exposure of personal information, including customer email addresses, landline numbers, usernames, street addresses, phone numbers, and modem set-up passwords. A total of 280,000 active customer email addresses, 20,000 active landline numbers, 10,000 usernames, street addresses, and phone numbers, and 1,700 modem set-up passwords are believed to be affected.

Tony Jarvis, the Field CISO and VP APJ at Darktrace, emphasized the importance of cybersecurity best practices in such situations. He stated, "Enterprise cybersecurity 101 states that access credentials must be routinely updated with strong, unique passwords and Multi-Factor Authentication (MFA) enabled."

The ACSC also advised individuals to be alert to suspicious emails, texts, or phone calls claiming to be from iiNet or related services. It is crucial for individuals to avoid clicking links or downloading attachments from unverified senders, and to be wary of any requests for personal information or passwords.

In response to the phishing attempts and social engineering campaigns, iiNet itself had warned its customers to be vigilant and advised them to be wary of emails or calls requesting personal information or passwords. The company also recommended the use of multi-factor authentication.

Under the NDB scheme, organizations are required to have robust cybersecurity measures in place, such as regularly updating access credentials with strong, unique passwords and enabling MFA. The ACSC further urged organizations to implement these best practices to prevent data breaches and protect customer information.

If notified by iiNet that their credentials were exposed, individuals are advised to change their modem set-up passwords immediately. It is essential to stay vigilant and follow these precautions to ensure the security of personal information in the digital age.

Read also:

Related

Latest