Cyber attack on Australia’s TPG Telecom affects 15,000 customers
It is the third cyber attack on a major Australian telco since October
The Australian telco TPG Telecom has been hit by a cyber attack that has put data belonging to 15,000 customers’ at risk.
Mandiant, the firm’s cyber security advisers, notified the company on 13 December that it had found evidence of unauthorised access to a hosted exchange service. TPG Telecom then notified customers the day after, on 14 December, sharing that the affected service hosts email accounts for 15,000 iiNet and Westnet customers, separate companies owned by the telco.
Getting board-level buy-in for security strategy
Why cyber security needs to be a board-level issueFree Download
TPG Telecom said that initial analysis suggested the attacker was hunting for cryptocurrency and financial data.
“We apologise unreservedly to the affected iiNet and Westnet Hosted Exchange business customers,” the company said. “We continue to investigate the incident and any potential impact on customers and are advising customers to take necessary precautions.”
Mandiant said it had been enlisted to help TPG Telecom with conducting an investigation into the incident. As part of this, it carried out a forensic historical review and found the unauthorised access to the hosted exchange platform.
“We have implemented measures to stop the unauthorised access, further security measures have been put in place, and we are in the process of contacting all affected customers on the Hosted Exchange service,” the company said.
It has also notified the relevant government authorities and plans to communicate directly with affected customers when more information is available.
“This latest breach really does demonstrate that criminals are using Australia to showcase to the world how easy it is to walk into top corporates’ digital premises and steal their customer information,” said Julia O’Toole, CEO of MyCena Security Solutions.
“Details into the incident are still emerging, but with 82% of today’s breaches being executed through stolen credentials, there is a high probability employee usernames and passwords were found and used to access the company, and that through lateral movement and privilege escalation, criminals quickly got the crown jewels,” said O’Toole.
This makes it the third Australian telco to suffer a cyber attack since October 2022. Telstra, the country’s largest telco, was impacted by a data breach in October 2022, which saw around 30,000 past and present employees affected. This was followed by a hack at Optus, leading to a data breach of 10 million customers, in October too. More recently, in December 2022, Telstra shared that an internal IT error caused a data leak, which affected hundreds of thousands of customers.
The number of damaging cyber attacks targeting Australia in recent months led the government to start creating a new cyber security strategy in December 2022. Officials are hoping to help the nation strengthen its critical infrastructure and government networks, and help deepen its cyber security capabilities.
What 2023 will mean for the industry
What do most IT decision makers really think will be the important trends and challenges in the coming year?Free Download
2022 Magic quadrant for Security Information and Event Management (SIEM)
SIEM is evolving into a security platform with multiple features and deployment modelsFree Download
IDC MarketScape: Worldwide unified endpoint management services
2022 vendor assessmentFree Download
Magic quadrant for application performance monitoring and observability
Enabling continuous updating of diverse & dynamic application environmentsView Now