The Australian telco TPG Telecom has been hit by a cyber attack that has put data belonging to 15,000 customers’ at risk.
Mandiant, the firm’s cyber security advisers, notified the company on 13 December that it had found evidence of unauthorised access to a hosted exchange service. TPG Telecom then notified customers the day after, on 14 December, sharing that the affected service hosts email accounts for 15,000 iiNet and Westnet customers, separate companies owned by the telco.
Getting board-level buy-in for security strategy
Why cyber security needs to be a board-level issue
TPG Telecom said that initial analysis suggested the attacker was hunting for cryptocurrency and financial data.
“We apologise unreservedly to the affected iiNet and Westnet Hosted Exchange business customers,” the company said. “We continue to investigate the incident and any potential impact on customers and are advising customers to take necessary precautions.”
Mandiant said it had been enlisted to help TPG Telecom with conducting an investigation into the incident. As part of this, it carried out a forensic historical review and found the unauthorised access to the hosted exchange platform.
“We have implemented measures to stop the unauthorised access, further security measures have been put in place, and we are in the process of contacting all affected customers on the Hosted Exchange service,” the company said.
It has also notified the relevant government authorities and plans to communicate directly with affected customers when more information is available.
Telstra suffers 'sizeable' data breach, mandates two-step security upgrade Unpatched Exchange servers could be behind Rackspace's ransomware attack, according to one researcher Embattled Medibank faces 48-hour outage as cyber security upgrade begins Australia to hunt down hackers, sets 'most cyber-secure country by 2030' target
“This latest breach really does demonstrate that criminals are using Australia to showcase to the world how easy it is to walk into top corporates’ digital premises and steal their customer information,” said Julia O’Toole, CEO of MyCena Security Solutions.
“Details into the incident are still emerging, but with 82% of today’s breaches being executed through stolen credentials, there is a high probability employee usernames and passwords were found and used to access the company, and that through lateral movement and privilege escalation, criminals quickly got the crown jewels,” said O’Toole.
This makes it the third Australian telco to suffer a cyber attack since October 2022. Telstra, the country’s largest telco, was impacted by a data breach in October 2022, which saw around 30,000 past and present employees affected. This was followed by a hack at Optus, leading to a data breach of 10 million customers, in October too. More recently, in December 2022, Telstra shared that an internal IT error caused a data leak, which affected hundreds of thousands of customers.
The number of damaging cyber attacks targeting Australia in recent months led the government to start creating a new cyber security strategy in December 2022. Officials are hoping to help the nation strengthen its critical infrastructure and government networks, and help deepen its cyber security capabilities.
