What Happened
-
On August 16, 2025, hackers gained unauthorized access to iiNet’s order management system, using stolen employee credentials.
-
The breach exposed:
-
280,000 active iiNet email addresses
-
20,000 active landline phone numbers
-
10,000 customer usernames, street addresses, and phone numbers
-
1,700 modem setup passwords
-
Some inactive customer records were also compromised
-
-
Importantly, no financial data—such as credit card or banking details—or identification documents like passports or driver’s licenses were compromised.
iiNet’s Response
-
The breach was swiftly addressed—with access removed and an incident response plan activated.
-
iiNet brought in external cybersecurity experts and is cooperating with key Australian authorities, including:
-
Australian Cyber Security Centre (ACSC)
-
National Office of Cyber Security
-
Australian Signals Directorate
-
Office of the Australian Information Commissioner (OAIC)
-
-
A dedicated hotline and online info page have been set up for affected users, with iiNet proactively contacting both impacted and unaffected customers.
-
TPG CEO Inaki Berroeta issued an apology and confirmed no broader impact to TPG systems.
What You Should Do
-
Be on high alert for phishing attempts, whether via email, SMS, or calls—especially if they reference your contact details.
-
Change your modem setup password if advised.
-
Enable Multi-Factor Authentication (MFA) where possible.
-
Never click suspicious links or provide sensitive information to unknown sources.
Summary Table
| Aspect | Details |
|---|---|
| When Detected; | August 16, 2025 |
| Data Exposed; | 280k emails, 20k landlines, 10k addresses/usernames, 1.7k modem passwords |
| No Exposure of | Financial or formal ID documents |
| Response; | Incident plan enacted, external experts engaged, authorities notified |
| Advice to Customers; | Watch for phishing, reset passwords, use MFA, and contact iiNet if unsure |
0 Comments