20th August 2025 Cyber Update: Australian ISP iiNet Hit by Credential Theft Attack Exposing 280,000+ Customer Records

Australian internet provider iiNet confirms major data breach affecting 280,000+ customers after hackers used stolen employee credentials to access order management system. TPG CEO apologises "unreservedly" as investigation continues.

Cyber News Centre's cyber update for 20th August 2025: iiNet has confirmed a significant data breach affecting over 280,000 customers after an unknown attacker gained unauthorised access to its order management system using stolen employee credentials, with TPG Telecom CEO issuing an unreserved apology.

iiNet Data Breach

iiNet is one of Australia's major internet service providers and a subsidiary of TPG Telecom, the country's second-largest telecommunications company. The company provides broadband, mobile, and telecommunications services to residential and business customers across Australia.

The Update and Why It Matters

Update: Yesterday, TPG Telecom confirmed that its subsidiary iiNet was the target of a significant cyberattack that led to the unauthorised access of personal data belonging to more than 280,000 customers. The breach, detected on Saturday, August 16, occurred after an attacker gained access to iiNet's order management system using stolen employee credentials.

The compromised data includes around 280,000 active email addresses, 20,000 active landline phone numbers, and approximately 10,000 customer usernames, street addresses, and phone numbers. In addition, about 1,700 modem set-up passwords were accessed. TPG clarified that no financial information or identity documents were exposed.

The company has secured the affected system and engaged external cybersecurity experts to investigate the incident. All affected customers are being notified, and a dedicated hotline has been set up to provide support.

TPG Telecom CEO Inaki Berroeta stated, “We unreservedly apologise to our iiNet customers impacted by this incident. We are continuing our investigations to ensure we understand all details surrounding this incident.”

He confirmed that early findings suggest access was gained using stolen credentials from a single employee account. The breach was not ransomware-related, and no further escalation beyond the order management system has been identified.

The company immediately activated its incident response plan and is working closely with the Australian Cyber Security Centre, the National Office of Cyber Security, the Australian Signals Directorate, and the Office of the Australian Information Commissioner.

Why it Matters:
This attack highlights the persistent risks facing major telecommunications providers and the far-reaching consequences for customers when personal data is exposed. The compromised information, including email addresses, phone numbers, and street addresses, leaves iiNet customers vulnerable to phishing attempts, identity theft, and other malicious activity.

For TPG Telecom, the breach represents a serious test of its security posture and customer trust. It also brings regulatory attention, particularly from the Office of the Australian Information Commissioner. The company’s ability to support affected customers, strengthen its internal security measures, and prevent further compromise will be crucial in determining the long-term impact on its reputation.

