Australia’s second-largest internet provider, TPG Telecom, has confirmed it is investigating a serious cyber incident linked to its iiNet system. The company revealed that an unknown third party was able to gain unauthorized access to its internal order management platform, exposing details of hundreds of thousands of customers.

What Happened in the iiNet Cyber Incident

The discovery has raised concerns because iiNet is one of TPG’s well-known brands. TPG acquired the provider in 2020 and has since used the system to create and track orders for broadband connections and other services. TPG reassured customers that the compromised platform does not store banking information or official identity documents, but many people feel alarmed because an outsider copied personal details.

The company explained that the incident centered on iiNet’s order management system, which processes and keeps track of customer requests. Unlike financial databases, this system does not store payment card data or government identification numbers. However, it contained a large amount of contact information from customers who used iiNet services.

Early checks showed that attackers extracted around 280,000 active email addresses from the system. They also took about 20,000 active landline phone numbers. The breach exposed roughly 10,000 records containing customer names, street addresses, and phone numbers. Attackers also copied a smaller number of passwords during the incident, though the company has not publicly confirmed the exact figure.

TPG stressed that the incident did not spread into its larger systems. The company found no evidence that the breach impacted its core network, which provides internet and mobile services to millions of Australians. It isolated the affected platform to iiNet’s order management function and quickly shut down unauthorized access once it detected the breach.

How the Breach Was Detected

Investigations so far suggest that the intruder gained access using stolen account credentials from an employee. This means that instead of breaking through firewalls with sophisticated tools, the attacker was able to log in with details that looked legitimate. Once inside, the third party had the ability to look through and copy certain records stored in the order system.

How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?

TPG said it uncovered unusual activity on the platform, which triggered a deeper review of its operations. The company confirmed that it quickly removed the intruder’s access and prevented further data loss. It continues to work with external cyber experts to analyze the full scale of the breach and to inform customers about the types of information involved.

The company has not revealed how long the intruder accessed the system, but it assured customers that it is taking measures to secure affected accounts. Although no evidence shows that anyone has misused the information so far, the exposure of email addresses, landline numbers, and home details increases the risk of phishing attempts and unwanted contact.

What Customer Data Was Taken

The types of information exposed varied depending on the customer. Many customers lost only their email addresses, while attackers also stole phone numbers and street addresses from others. Hackers copied around 280,000 email addresses and took about 20,000 active landline numbers. They accessed around 10,000 customer profiles that contained names, addresses, and mobile numbers. In some cases, they also stole account passwords, which raised additional concerns about security.

Cyberattack Catastrophe: How Hackers Can Endanger Human Lives ?

TPG made it clear that the iiNet order management system did not store banking details or identity documents, so attackers did not expose any direct financial information. The breach only affected details used for managing service orders. Still, attackers accessed login credentials and personal contact details, which shows how they can use such information to run scams or launch targeted attempts to trick customers.

The company confirmed that it quickly removed the intruder’s access and prevented any further data loss. It is working with external cyber experts to analyze the full scale of the breach and to inform customers about the types of information involved.