Cyber attack on Australia’s TPG Telecom affects 15,000 customers
It is the third cyber attack on a major Australian telco since October


The Australian telco TPG Telecom has been hit by a cyber attack that has put data belonging to 15,000 customers at risk.
Mandiant, the firm’s cyber security advisers, notified the company on 13 December that it had found evidence of unauthorised access to a hosted exchange service. TPG Telecom then notified customers the day after, on 14 December, sharing that the affected service hosts email accounts for 15,000 iiNet and Westnet customers, separate companies owned by the telco.
TPG Telecom said that initial analysis suggested the attacker was hunting for cryptocurrency and financial data.
“We apologise unreservedly to the affected iiNet and Westnet Hosted Exchange business customers,” the company said. “We continue to investigate the incident and any potential impact on customers and are advising customers to take necessary precautions.”
Mandiant said it had been enlisted to help TPG Telecom investigate the incident. As part of this, it carried out a forensic historical review and found the unauthorised access to the hosted exchange platform.
“We have implemented measures to stop the unauthorised access, further security measures have been put in place, and we are in the process of contacting all affected customers on the Hosted Exchange service,” the company said.
It has also notified the relevant government authorities and plans to communicate directly with affected customers when more information is available.
“This latest breach really does demonstrate that criminals are using Australia to showcase to the world how easy it is to walk into top corporates’ digital premises and steal their customer information,” said Julia O’Toole, CEO of MyCena Security Solutions.
“Details into the incident are still emerging, but with 82% of today’s breaches being executed through stolen credentials, there is a high probability employee usernames and passwords were found and used to access the company, and that through lateral movement and privilege escalation, criminals quickly got the crown jewels,” said O’Toole.
This makes it the third Australian telco to suffer a cyber attack since October 2022. Telstra, the country’s largest telco, was impacted by a data breach in October 2022, which saw around 30,000 past and present employees affected. This was followed by a hack at Optus, also in October, which led to a data breach affecting 10 million customers. More recently, in December 2022, Telstra shared that an internal IT error caused a data leak, which affected hundreds of thousands of customers.
The number of damaging cyber attacks targeting Australia in recent months led the government to start creating a new cyber security strategy in December 2022. Officials are hoping to help the nation strengthen its critical infrastructure and government networks, and help deepen its cyber security capabilities.
Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.