TPG reveals emails of 15,000 iiNet and Westnet customers exposed in hack

Telecommunications company says hacker searched for customers’ cryptocurrency and financial information

Telecommunications giant TPG has revealed an email-hosting service used by up to 15,000 iiNet and Westnet business customers has been breached, with the hacker looking for cryptocurrency and other financial information.

TPG said in a release to the Australian Securities Exchange (ASX) on Wednesday that cybersecurity firm Mandiant had found evidence of unauthorised access to a Hosted Exchange service used by iiNet and Westnet business customers.

A Hosted Exchange service is a Microsoft product that is operated by iiNet and Westnet to provide email services to customers – typically as part of a bundle of business or home broadband services.

TPG said initial analysis of the activity on the service showed the aim of the threat actor was to search for customers’ cryptocurrency and financial information.

The company has not said what might have been obtained in the attack, but an investigation is under way and affected customers will be advised.

TPG told the ASX the breach did not affect mobile or broadband services, and access has been cut off for the attacker.

“We have implemented measures to stop the unauthorised access, further security measures have been put in place, and we are in the process of contacting all affected customers on the Hosted Exchange service,” the company said. “We have notified the relevant government authorities.”

On Monday, TPG’s biggest rival Telstra reported that a “misalignment of databases” had resulted in the details of up to 130,000 unlisted customers being made available via directory assistance or the White Pages.

Health insurer Medibank also revealed on Wednesday that law firm Maurice Blackburn had lodged a complaint with the Office of the Australian Information Commissioner (OAIC) in relation to its cyber-attack that resulted in the personal information of 10m current and former customers being published on the dark web.

It is separate to the investigation launched by the OAIC at the start of December. Medibank said it had not been contacted about the complaint by the OAIC, but the complaint alleges Medibank has breached the Australian Privacy Principles and seeks compensation for individuals whose personal information was exposed as a consequence of the cybercrime.

“Medibank continues to support its customers from the impact of this crime through our previously announced Cyber Response Support Program which includes mental health and wellbeing support, identity protection and financial hardship measures,” a Medibank spokesperson said.


Josh Taylor

The GuardianTramp

Related Content

Article image
Is it worth taking out personal cyber insurance in case you are caught up in a data hack?
Experts say investing in identity theft protection may provide peace of mind, but won’t help recover lost information

Josh Taylor

28, Nov, 2022 @11:30 PM

Article image
Medibank reveals hack could affect all of its 3.9 million customers
Medibank says it is in communication with the hacker, but declined to say whether it would pay any demands made

Josh Taylor

25, Oct, 2022 @6:02 AM

Article image
Medibank hacker says ransom demand was US$10m as purported abortion health records posted
Post on blog linked to Russian ransomware group says it offered ‘discount’ ransom to health insurer of US$9.7m, or $1 for each customer’s data

Josh Taylor

09, Nov, 2022 @10:38 PM

Article image
EasyJet reveals cyber-attack exposed 9m customers' details
Airline apologises after credit card details of about 2,200 passengers were stolen

Jasper Jolly

19, May, 2020 @11:13 AM

Article image
Cybercrime in Australia has been on the rise for years, but Optus and Medibank have been wake-up calls
Experts say the recent prominence of data breaches is just companies being more forthcoming and the media more focused on reporting them

Josh Taylor

28, Oct, 2022 @7:00 PM

Article image
Medibank class action launched after massive hack put private information of millions on dark web
Law firm Baker McKenzie says company failed to protect privacy of customers in Australia and overseas

Josh Taylor

16, Feb, 2023 @1:42 AM

Article image
Cupid Media hack exposed 42m online dating passwords
Niche online dating provider admits that January breach exposed unencrypted user information – including dates of birth. By Alex Hern

Alex Hern

20, Nov, 2013 @1:11 PM

Article image
Purported Optus hacker releases 10,000 records including email addresses from defence and prime minister’s office
Optus CEO says federal police are ‘all over’ post with ultimatum demanding $1m within four days after massive data breach

Natasha May and Josh Taylor

27, Sep, 2022 @1:32 AM

Article image
I am a Medibank customer. Am I affected by the cyber-attack? What can I do to protect myself?
Experts suggest using multifactor authentication and telling your bank to put extra security checks in place

Josh Taylor

02, Dec, 2022 @3:08 AM

Article image
Australian companies don’t value keeping our data safe because they have little to lose. Our laws need to change that | George Newhouse and Duncan Fine
Our nation’s data security practices have been so sloppy that recent major data breaches could have been avoided with simple protections

George Newhouse and Duncan Fine

16, Nov, 2022 @11:27 PM