Australian telecoms company TGP Telecoms announced a breach today that saw 15,000 corporate customer emails accessed. Business accounts of both iiNet and Westnet Business appear to have been breached.
The breach was discovered during a forensic historical review by cybersecurity company Mandiant. According to a statement released by TGP, cybercriminals hacked into the primary exchange service to lift financial information and cryptocurrency.
Cyberattack strikes TGP Telecoms
The announcement has caused the company’s share price to dip by 4.73% today to $4.83 a share.
The company has released a statement apologising for the breach. “We apologise unreservedly to the affected iiNet and Westnet Hosted Exchange business customers. We continue to investigate the incident and any potential impact on customers and are advising customers to take necessary precautions,” said a spokesperson.
TGP went on to assure customers that they have put measures into place to prevent any further damage. “We have implemented measures to stop the unauthorised access, further security measures have been put in place, and we are in the process of contacting all affected customers on the Hosted Exchange service. We have notified the relevant government authorities,” they said.
TGP Telecoms is Australia’s second largest internet services provider listed on the Australian Securities Exchange. The company has 7.2 million customer accounts. It is home to many network operators, including Vodafone, TPG, iiNet, AAPT, Internode, Lebara and felix.
The company provides internet to over 23 million Australians.
TGP Telecoms has not yet responded to requests for comment from Tech Monitor.
Latest in a spate of attacks
Today’s breach is the latest in a spate of cyberattacks on Australian national infrastructure. Ten Australian companies have experienced high-profile hacks this year, several of which are telecommunications companies.
Australia’s largest telecoms operator Telstra suffered a breach on Sunday that impacted 132,000 customers by exposing their details online, due to what the company called “a misalignment of databases”. This breach comes after 30,000 current and former employee details were leaked by the company in October.
In the same month, Australian health insurance company Medibank was struck by a cyberattack that saw 200GB of personally identifiable information (PII) leaked and traded on the dark web
This attack came weeks after the cyberattack on Australia’s second-largest mobile network Optus, where the point of infiltration was called out as a “basic hack” by Australia’s Minister for Cybersecurity Clare O’Neil. Nearly three million records containing PII were stolen.
Last Friday the Australian government launched a programme called the National Resilience Taskforce, for the development of a new cybersecurity strategy designed to turn the country into a global cyber leader.
A factsheet for the programme reads: “The National Resilience Taskforce will enhance Australia’s national resilience, by examining Australia’s increasing exposure and vulnerability to nationally significant crises and ensuring the Commonwealth has the necessary policy, legislation and capability to manage increasingly complex cascading and concurrent national crises.”