Another one.
TPG Telecom has revealed that iiNet’s order management system was breached by an unknown attacker who abused legitimate credentials to gain access.
“Based on current analysis, the list contained around 280,000 active iiNet email addresses and around 20,000 active iiNet landline phone numbers, plus inactive email addresses and numbers,” TPG said.
“In addition, around 10,000 iiNet usernames, street addresses and phone numbers and around 1700 modem set-up passwords, appear to have been accessed.”
TPG Telecom said that the system does not store “copies or details of identity documents, credit card or banking information.”
The telco apologised “unreservedly” for the incident and said it would contact all iiNet customers, both those impacted as well as “all non-impacted iiNet customers to confirm they have not been affected.”
TPG Telecom reveals iiNet order management system breached.
iiNet urges our customers to remain vigilant, especially to any suspicious communications received via email, text or phone call. If in doubt, contact iiNet directly or seek independent advice from trusted sources, including the Australian Cyber Security Centre at cyber.gov.au.
Companies need to start treating personal data like toxic waste rather than a treasure trove. Minimise data collection and holdings, then delete as soon as possible.