Summary:
iiNet, one of Australia's biggest internet service providers operated by TPG Telecom, confirmed an unauthorized third party hacked into its order management system. Employing stolen employee passwords, the attacker was then able to extract about 280,000 active iiNet email addresses and 20,000 active landline phone numbers.

The attack also included about 10,000 records containing usernames, street address, and phone numbers, and close to 1,700 modem setup passwords. Luckily, no banking or financial data and no identity documents were compromised. On August 16, the breach was discovered and iiNet activated its incident response plan immediately. Security experts from the external side of the company have been introduced, and investigation is ongoing. Customers are contacted directly, authorities have been notified, and a support line has been established to assist impacted individuals.

Security Officer Comments:
This attack is a stark reminder of where attacker convenience and normal trust overlap to create danger. This data revealed does not necessarily look very sensitive at first glance, but to phishers it is a treasure trove for building very effective phishing or social engineering attacks.

The addition of modem configuration data is especially disturbing because this type of information can be used to deceive home networking equipment. iiNet has every right to ring alarm bells and accept responsibility, but what this teaches us is an urgent industry-wide need: telecommunication and ISP providers need to put the same defensive effort into their back-end systems as they do external-facing networks. Even previously "low-risk" data can run amok if in the wrong hands.

Suggested Corrections:

• Conduct a full review of credential policies, especially around internal systems like order management. Ensure strict access controls and MFA for all staff.
• Encourage customers to remain alert, particularly to phishing attempts that use real or recently exposed data points.
• Rotate default and device-level passwords such as those used for modems or routers across the user base.
• Continue engagement with national security bodies such as ACSC, OAIC, and ACSC for incident assistance and proactive guidance.
• Use this as a case in tabletop exercises and refine readiness techniques across vendors and operators.

Link(s):
https://www.infosecurity-magazine.com/news/aussie-isp-iinet-breach-280000/https://www.reuters.com/business/me...s-cyber-incident-its-iinet-system-2025-08-19/