Email Hack Hits 15,000 Business Customers of Australian Telecoms Firm TPG


Australia's TPG Telecom this week announced that a threat actor has gained unauthorized access to a service hosting the email accounts of 15,000 customers.

Australia’s TPG Telecom this week announced that a threat actor has gained unauthorized access to a service hosting the email accounts of 15,000 customers.

The second largest telecommunications company in the country, TPG Telecom was formerly known as Vodafone Hutchison Australia, but was renamed after its merger with TPG.

On Wednesday, the company announced that unauthorized access to a hosted Exchange service was identified during a forensic review.

“TPG Telecom’s external cyber security advisers, Mandiant, advised that they found evidence of unauthorized access to a Hosted Exchange service which hosts email accounts for up to 15,000 iiNet and Westnet business customers,” the wireless carrier announced.

The company claims that the attackers were searching for customer’s cryptocurrency and financial data, but did not specify whether customer information was indeed accessed during the attack.

“We apologize unreservedly to the affected iiNet and Westnet Hosted Exchange business customers. We continue to investigate the incident and any potential impact on customers and are advising customers to take necessary precautions,” TPG Telecom said.

No home or personal iiNet or Westnet products were impacted in the incident, the company says.

The wireless carrier did not share details on how the attackers gained access to the hosted service, but said that it has implemented measures to close the breach.

“The matter remains under investigation and we will be communicating with directly affected customers as more information becomes available,” the company said.

SecurityWeek has emailed TPG Telecom for additional information on the incident and will update this article when a reply arrives.

The incident is one of the many recent high-profile cyberattacks impacting Australian companies, after Singtel-owned Optus, Medibank, and a second Singtel subsidiary were hacked. In October, the country proposed tougher penalties for companies that fail to properly protect their customers’ data.


By Ionut Arghire on Thu, 15 Dec 2022 12:56:02 +0000
Original link