When was the TPG Telecom iiNet data breach detected?

The cyber incident was detected on Saturday, August 16, 2025, when unauthorized access to iiNet's order management system was discovered.

What system was compromised in the iiNet data breach?

The unauthorized access was to iiNet's order management system, which is used to create and track orders for iiNet services and contains limited personal information.

What customer data was exposed in the iiNet breach?

The exposed data includes approximately 280,000 active iiNet email addresses, around 20,000 active iiNet landline phone numbers, approximately 10,000 iiNet usernames, street addresses associated with usernames, phone numbers linked to usernames, around 1,700 modem setup passwords, and inactive email addresses and phone numbers from former customers.

How many iiNet customers were affected by the data breach?

The breach affected approximately 280,000 active iiNet email addresses, around 20,000 active landline phone numbers, and approximately 10,000 usernames, along with associated personal information. Some data also pertained to former customers whose information was retained for legal, regulatory, or operational requirements.

What is TPG Telecom's relationship to iiNet?

iiNet is a subsidiary of TPG Telecom, which is Australia's second-largest telecommunications provider. TPG owns and operates the iiNet brand and services.

What immediate actions did TPG Telecom take after discovering the breach?

TPG blocked the unauthorized access immediately upon detection and engaged external IT and cybersecurity experts to assist with the investigation into the incident.

Were any sensitive passwords compromised in the iiNet breach?

Yes, around 1,700 modem setup passwords were among the data exposed in the breach, along with other customer information stored in the order management system.

Does the breach affect former iiNet customers?

Yes, some of the exposed data pertains to people who are no longer customers of iiNet but whose information had been stored in the system due to legal, regulatory, or operational requirements.

What has TPG Telecom said about the incident?

TPG apologized to its iiNet customers impacted by the incident and committed to contacting both affected and non-affected customers to provide information and assistance regarding the data breach.

What type of information is stored in iiNet's order management system?

The order management system is used to create and track orders for iiNet services and contains limited personal information including customer contact details, usernames, addresses, and service-related information.

Is this breach related to iiNet's main customer database?

The breach specifically affected iiNet's order management system, which contains limited personal information for service orders and tracking, rather than a comprehensive customer database with full account details.

What should iiNet customers do following this data breach?

iiNet customers should wait for direct communication from TPG Telecom, which will provide specific guidance on any actions they should take. The company has committed to contacting all customers to advise them of their status and any necessary steps.

Incident

Australian telecomgGiant TPG's iiNet subsidiary hit by data breach affecting 280,000 customers

Q: What happened to TPG Telecom and iiNet?

TPG Telecom, Australia's second-largest telco provider, experienced a data breach affecting its iiNet subsidiary. The cyber incident was detected on Saturday, August 16, 2025, and was caused by unauthorized access to iiNet's order management system.

Q: Will TPG Telecom notify affected iiNet customers?

Yes, TPG has stated it will contact impacted customers, advise of any actions they should take, and offer assistance. The company will also contact all non-impacted iiNet customers to confirm they have not been affected.

published: Aug. 19, 2025

Learn More

TPG Telecom, Australia's second-largest telco provider, is reporting a data breach affecting its iiNet subsidiary.

The cyber incident was detected on Saturday, August 16, 2025 and was caused by unauthorized access to iiNet's order management system. The order management system is used to create and track orders for iiNet services, and contains limited personal information.

Early investigations suggest the unauthorized access was gained using stolen account credentials from a single employee. TPG blocked the unauthorized access, and engaged external IT and cybersecurity experts to assist with the investigation.

Exposed data includes:

Approximately 280,000 active iiNet email addresses
Around 20,000 active iiNet landline phone numbers
Approximately 10,000 iiNet usernames
Street addresses associated with usernames
Phone numbers linked to usernames
Around 1,700 modem setup passwords
Inactive email addresses and phone numbers from former customers

Some of the data pertains to people who are no longer customers of iiNet but had been stored in the system due to legal, regulatory, or operational requirements.

TPG apologized to its iiNet customers impacted by the incident and stated it will contact impacted customers, advise of any actions they should take, and offer assistance. The company will also contact all non-impacted iiNet customers to confirm they have not been affected.

Australian telecomgGiant TPG's iiNet subsidiary hit by data breach affecting 280,000 customers

Read More
Broadband provider Brightspeed investigates data breach claims
Taiwan's Chunghwa Telecom and government investigate potential massive …
ComTec Systems Reports Data Breach Following PEAR Ransomware …
Home security/alarm company ADT reports second data breach …
LS Networks telecom operator reports data breach