An unknown hacker claims to have breached iiNet subsidiary Westnet and accessed a large database of information including customer data.
The hacker - who goes under the moniker Mufasa The God - is offering the data for sale in an online forum, claiming it contains unencrypted passwords.
The attacker did not post any sample information from the database, and is yet to name a price for the information.
The claims were first spotted by Sydney-based infosec watcher Cyber War News on Twitter, which posted a screenshot of the hacker's sales offer.
seems westnet, one of aussies biggest ISP's has been owned. pic.twitter.com/kYYYjIMJnL— CWN (@Cyber_War_News) June 6, 2015
iiNet chief information officer Matthew Toohey told iTnews the provider had been made aware of a possible security breach on a Westnet system and was currently investigating.
"Our customers' privacy and security is our highest priority and we will advise customers if any action is required," Toohey said.
He did not provide any further detail on the intrusion - including the number of potential customers affected - or if a mass customer password reset was required.
However in an email to customers, iiNet advised users to change their passwords.
"Customer username, address, telephone and, in some cases, password information may have been accessed, however, no payment details were stored on the server. The system is now offline and at no further risk," iiNet advised.
"As a precautionary measure we recommend you change the passwords associated with your Westnet email addresses immediately to prevent any unauthorised access."
The hacker appeared to be offline and uncontactable over the long weekend.
iiNet acquired Westnet for $81 million in 2008.