iiNet internal systems hacked – 280,000 customers details exposed

TPG Telecom sub-brand iiNet has revealed they were the victim of a Cyber Incident on the weekend which saw hackers get access to an internal “order management system”.

The system, used to book things like new NBN connections, probably replacement hardware and such, contained email addresses for 280,000 active iiNet customers, and while iiNet and TPG are at pains to point out no financial or banking details were included, there is more details in the system that could prove useful to cyber criminals.

“We unreservedly apologise to the iiNet customers impacted by this incident,” said TPG Telecom chief executive officer, Inaki Berroeta.

“We are continuing our investigations to ensure we understand all details surrounding this incident.  We will begin contacting customers to make them aware of the incident, apologise and provide details on the support available.”

In a statement to EFTM, the company also said “We can confirm no credit, banking or financial information have been compromised. No driver’s license numbers, ID documentation details, or bank account details were disclosed as a result of this incident.”

What was accessed? Well, in addition to the almost 300,000 active email address, there were also 20,000 active iiNet landline phone numbers, and an unspecified number of inactive email addresses and phone numbers.

Plus, 10,000 iiNet user names, Street addresses and phone numbers, and for 1,700 users, their modem set-up passwords also appear to have been accessed.

iiNet has setup a dedicated hotline for customers to ask any questions, so you can call 1300 861 036 any time.

As is often the case, the risk to customers here is not financial directly, but more through likely scams.

iiNet customers should be on high alert for any phone calls, emails or text messages that claim to be about their account, or appear to have information such as their username, phone number and street address as a way of – in essence – pretending to verify that the scammers are in fact from iiNet – when they are not.

If you get any contact from iiNet – do not take direct action from it, be that an email or text link. Instead head independently to the iiNet website or call 1300 861 036.