Australia’s second-largest internet provider, iiNet, has confirmed a serious cybersecurity breach that has compromised the personal data of hundreds of thousands of customers. The incident, which was discovered on Saturday, August 16, and publicly disclosed on Tuesday, August 19, has raised significant concerns about data security and customer privacy across the nation.

According to iiNet’s parent company, TPG Telecom, an unknown third party gained unauthorised access to iiNet’s order management system by stealing account credentials from an employee. This system, while not housing sensitive financial or identity documents, did contain a substantial amount of personal information.

The breach has resulted in the exposure of:

• Approximately 280,000 active email addresses
• Around 20,000 active landline phone numbers
• Roughly 10,000 usernames, street addresses, and phone numbers
• About 1,700 modem setup passwords

TPG has assured customers that no credit card details, banking information, or identity documents such as passports or driver’s licences were stored in the affected system. However, the scale and nature of the compromised data still pose a significant risk, particularly in relation to phishing scams, identity theft, and unauthorised access to home networks.

In response to the breach, iiNet has:

• Removed the unauthorised access from its systems
• Engaged external cybersecurity experts to conduct a forensic investigation
• Begun contacting affected customers directly
• Established a dedicated support hotline at 1300 861 036

Customers are urged to remain vigilant. Suspicious emails, texts, or phone calls claiming to be from iiNet should be treated with caution. iiNet recommends resetting passwords for any accounts that may share credentials with iiNet services and enabling multi-factor authentication wherever possible. The company also advises against clicking on unfamiliar links or providing personal information under pressure.

This incident highlights the growing threat of cybercrime in Australia and the importance of robust data protection measures. Carol Bennett, CEO of the Australian Communications Consumer Action Network (ACCAN), emphasised the need for swift, clear communication with customers during such breaches and called on businesses to reassess their cybersecurity frameworks in light of this event.

TPG Telecom has apologised unreservedly to impacted customers and is working closely with federal authorities, including the Australian Cyber Security Centre, the National Office of Cyber Security, and the Office of the Australian Information Commissioner, to manage the fallout and prevent further incidents.

For ongoing updates and support, customers are encouraged to visit iiNet’s official cyber incident page.

Stay safe, stay alert—and if in doubt, reach out directly to iiNet or trusted cybersecurity resources.