Australian ISP iiNet confirms information breach as hackers stole 280,000 electronic mail accounts, telephone numbers and person information utilizing stolen worker credentials, TPG says.
Australian web supplier iiNet has confirmed a knowledge breach in its order administration system, with father or mother firm TPG Telecom reporting that buyer info was accessed utilizing stolen worker credentials.
The breach was detected on Saturday, 16 August 2025, after attackers used stolen worker credentials to realize entry to the system. In response to TPG, the knowledge uncovered was restricted in scope in contrast with different current company breaches, however the particulars are nonetheless delicate sufficient to trigger issues for patrons.
Preliminary investigations present that round 280,000 lively iiNet electronic mail addresses have been uncovered, together with 20,000 landline numbers and about 10,000 usernames, road addresses, and telephone numbers. A smaller however vital set of roughly 1,700 modem setup passwords was additionally compromised.
Whereas the corporate says that no monetary information, identification paperwork, or cost particulars have been included, cybersecurity specialists warn that non-public contact info is commonly priceless to criminals who launch phishing and social engineering assaults.
TPG Telecom stated it acted rapidly as soon as the breach was confirmed. The corporate disabled the compromised accounts, introduced in exterior safety specialists, and knowledgeable the Australian Cyber Safety Centre, the Nationwide Workplace of Cyber Safety, and the Workplace of the Australian Info Commissioner. This exhibits the seriousness of the case, since coordination with authorities companies is simply triggered in incidents thought of vital.
In case you are an iiNet buyer, change any passwords linked to iiNet providers, particularly if the identical credentials are used throughout a number of platforms. Stay alert for suspicious emails or calls that will attempt to exploit the uncovered info.
Second TGP Information Breach Since 2022
This isn’t the primary time TPG and iiNet have confronted cybersecurity incidents. In December 2022, as reported by Hackread.com, hackers breached TPG Telecom’s electronic mail service and accessed consumer information.
This incident provides iiNet to the rising listing of Australian corporations which were hit by cyberattacks lately. In September 2022, Optus, the nation’s second-largest telecom agency, suffered a knowledge breach that uncovered the private particulars of hundreds of thousands of consumers. The incident additionally led the corporate to problem a public apology.
TPG has begun notifying each impacted and non-impacted clients as a precaution, providing sources to assist them safe their accounts.
