Credit: TPG Telecom
TPG Telecom’s external cyber security adviser Mandiant has uncovered evidence of unauthorised access to a Hosted Exchange service that holds about 15,000 iiNet and Westnet email accounts for business customers.
According to a statement to shareholders on the Australian Securities Exchange (ASX), TPG said primary analysis to date appears the aim of the threat actor was to search for customers’ cryptocurrency and financial information.
“We apologise unreservedly to the affected iiNet and Westnet Hosted Exchange business customers,” TPG said. “This incident doesn’t affect any home or personal iiNet or Westnet products, such as broadband or mobile.”
The unauthorised access was discovered when Mandiant conducted a forensic historical review.
“We have implemented measures to stop the unauthorised access, further security measures have been put in place and we are in the process of contacting all affected customers on the Hosted Exchange service. We have notified the relevant government authorities,” TPG said.
“The matter remains under investigation and we will be communicating with directly affected customers as more information becomes available.”
Last month Optus put $140 million aside as an ‘exceptional expense’ towards recovery activities following its mass cyber security breach in September.
This was revealed in the telco’s half-yearly report ending 30 September. The $140 million will cover the expected costs of actions such as replacing identity documents and investments towards lifting its cyber security capabilities.
At the time, Optus CEO Kelly Bayer Rosmarin said it was committed to rebuilding trust following the cyber attack on its customers.
In December, Telstra mistakenly listed customer names, numbers and addresses being listed when they should not have been on its Directory Assistance and the White Pages. The telco clarified there was no cyber activity involved, but rather a "misalignment of databases".
Last month the Australian Federal Police revealed that those responsible for the data breach of Australian private health insurer Medibank are in Russia.
On October 13, Medibank revealed there had been a “cyber incident” that unravelled into a potentially much more harmful breach than the infamous Optus breach, which impacted a third of the Australian population.
Medibank informed that names, dates of birth, phone numbers and email addresses of 9.7 million current and former customers had been accessed. Other documents accessed for some included Medicare numbers and passport numbers.
What makes this worse is that, because Australian regulation requires insurers to retain certain information from current and past customers for seven years, highly sensitive data of 480,000 people were accessed in the Medibank breach, including their service provider name and location, where the customers received certain medical services, and codes associated with diagnosis and procedures administered.
