TPG Telecom has revealed that iiNet’s order management system was breached by an unknown attacker who abused legitimate credentials to gain access.
The telco said [pdf] that it “appears” that a list of email addresses and phone numbers was extracted from the system.
“Based on current analysis, the list contained around 280,000 active iiNet email addresses and around 20,000 active iiNet landline phone numbers, plus inactive email addresses and numbers,” TPG said.
“In addition, around 10,000 iiNet usernames, street addresses and phone numbers and around 1700 modem set-up passwords, appear to have been accessed.”
The order management system is used to create and track orders for iiNet services.
TPG Telecom said that the system does not store “copies or details of identity documents, credit card or banking information.”
The telco apologised “unreservedly” for the incident and said it would contact all iiNet customers, both those impacted as well as “all non-impacted iiNet customers to confirm they have not been affected.”
Investigations so far have not uncovered any escalation of the breach by the attacker beyond the order management system.
TPG Telecom has advised relevant government agencies of the incident.
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
Forrester's Technology & Innovation Summit APAC 2025
Digital Leadership Day Western Australia
Government Cyber Security Showcase Western Australia
Government Innovation Showcase Western Australia
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
