- TPG Telecom confirmed a cyberattack with the country’s Securities Exchange Agency
- Unidentified Crooks stole an employee’s account login and used it to exfilter sensitive data
- Customers of its Iinet-Undermark were affected
TPG Telecom, a larger Australian telecommunications provider, suffered what it described as a “limited” cyberattack – however, after a number of personal information that “limited” comes with quite large quotation marks.
The company issued a statement with the Australian Safe Authorization Exchange, where it is currently reporting to investigate a cyberSecurity event when an unauthorized third party opened its Iinet order control system -internal software tool used in the Iinet brand to create, manage and track customer service orders.
The incident was discovered on Saturday, August 16, with the preliminary investigation showing that the violation of the violation was stolen employee account -credentials. The company described the attack as “limited” as the system that was violated does not contain extensive data. However, data still includes Iinet -e -mail addresses for some customers, Iinet landline numbers, contact names, contact numbers and housing addresses “for a smaller group of customers”.
Names, addresses and phone numbers
What the Iinet Order Management System does not contain are copies or details of identity documents or credit card and bank information.
The number of persons affected is in the hundreds of thousands: 280,000 active email addresses, approx. 20,000 active iinet landline phone numbers, about 10,000 Iinet usernames, street addresses and phone numbers and about 1,700 modem setup passwords, all stolen.
This can trigger a wave of very compelling phishing -e emails, voting fraud and malware / ransomware implementations through vulnerable modems. Phishing -e emails can lead to compromise with bank accounts, social media accounts and other services and can result in identity theft, thread fraud and more.
“We unreservedly apologize to our Iinet customers who are affected by this incident,” TPG Telecom said in the announcement.
“We will take immediate steps to contact Ininet customers, advise on the actions they need to take, and offer our help. We will also contact all non-imperative Iinet customers to confirm that they have not been affected.”
There is currently no evidence of abuse in nature.
Via Registered
