Tangerine Telecom exposes data of 232k customers in asecurity breach

Tangerine Telecom, a prominent internet service provider and the "exclusive telecommunications partner" of the Commonwealth Bank of Australia, has experienced a significant data breach impacting 232,000 current and former customers.

The breach occurred on February 18th, 2024, and was discovered on February 20th, 2024. It involved unauthorized access to a legacy customer database dating from June 2019 to July 2023. Preliminary investigations have pinpointed the breach to unauthorized access related to a legacy customer database, facilitated by the login credentials of a contractor. Tangerine is currently conducting a thorough investigation to understand the full scope and impact of the breach.

The breach resulted in the exposure of personal information including

• full names,
• dates of birth,
• mobile numbers,
• email addresses,
• postal addresses,
• Tangerine account numbers.

Tangerine has assured that no payment information, driver's license or ID documentation details, bank account information, or passwords were leaked as they do not store these details. Additionally, customers of More, a sibling brand of Tangerine, were not affected by this incident.

The company has taken immediate steps to revoke the implicated contractor's access to its network and systems.

Customers are encouraged to change their Tangerine account numbers and add security questions to their accounts for enhanced security. Given the increased risk of scam calls, texts, and emails, Tangerine urges affected customers to exercise caution and verify the authenticity of any communication claiming to be from Tangerine.