• TPG Telecom confirms a cyberattack exposed personal data of over 280,000 iiNet customers, including emails, phone numbers, and modem setup passwords.
  • The breach was caused by stolen employee credentials, with no financial or ID documents accessed, according to the company.
  • Customers are urged to stay vigilant, update passwords, and follow key security practices to protect their Internet connection.

Hundreds of thousands of iiNet customers have had their personal information compromised following a cyberattack on the systems of Australia’s second-largest Internet provider, TPG Telecom Group.

What happened?

TPG Telecom, the parent company of iiNet, confirmed that an unauthorised third party gained access to its order management system.

The breach occurred after a malicious actor stole employee login credentials, allowing them to extract sensitive customer information.

According to the company, the exposed data includes:

  • Approximately 280,000 active email addresses
  • Around 20,000 active landline phone numbers
  • An additional 10,000 usernames, physical addresses, and phone numbers
  • Roughly 1,700 modem setup passwords

While no credit card details, banking information, or identity documents (such as passports or driver’s licences) were accessed, the breach has nonetheless raised serious concerns about customer privacy and data security.

The breach was identified on a Saturday, but affected customers and shareholders were not notified until the following Tuesday.

How TPG is responding

TPG Telecom has apologised publicly, stating:

“We unreservedly apologise to our iiNet customers impacted by this incident.”

The company has taken several immediate steps, including:

  • Removing the unauthorised access from its systems
  • Engaging external cyber security experts to assist in the investigation and response
  • Cooperating with relevant authorities, including the Australian Cyber Security Centre, National Office of Cyber Security, and the Office of the Australian Information Commissioner
  • Notifying affected and unaffected customers accordingly
  • Establishing a dedicated hotline for customer enquiries

How to keep your Internet connection safe

In light of this breach, it’s more important than ever to take steps to safeguard your Internet use. Here are some key tips to help you stay protected:

Use strong, unique passwords

Avoid using the same password across multiple sites. Use a combination of uppercase and lowercase letters, numbers, and symbols. Consider using a password manager to keep track of them securely.

Enable two-factor authentication (2FA)

Whenever possible, enable 2FA on your accounts to add an extra layer of security, especially for your email and Internet service provider accounts.

Regularly update your modem and router

Keep your hardware’s firmware up to date to protect against known vulnerabilities. Also, change the default admin passwords on your modem or router.

Watch for phishing scams

Be cautious of unsolicited emails, calls, or text messages asking for personal or financial information. Scammers may use information from breaches to make their messages appear legitimate.

Secure your Wi-Fi network

Use WPA3 (or WPA2 at a minimum) encryption, disable remote access if you don’t need it, and avoid using easily guessable network names (SSIDs).

Check for unusual activity

Regularly monitor your online accounts for unusual logins or activity. If anything seems suspicious, change your password and notify your provider.

What should iiNet customers do?

If you're an iiNet customer, keep an eye out for communication from the company regarding whether your information was affected. Even if you weren’t directly impacted, now is a good time to strengthen your security habits and remain vigilant.

Contact Compare Broadband to learn more

Want to learn more about how to protect your Internet setup or explore alternative broadband providers with better security practices? Speak with an expert today.

Call 1300 764 000 to chat with a broadband specialist at Compare Broadband.