BREAKING: iiNet Cyber Attack Exposes Data of 300,000 Customers
Today’s email is brought to you by Empower your podcasting vision with a suite of creative solutions at your fingertips.
Internet service provider iiNet disclosed Monday that cybercriminals accessed personal information of approximately 300,000 customers through an unauthorized breach of its order management system, marking one of the largest telecommunications data breaches in recent Australian history.
The company confirmed the incident on Saturday, August 16, after discovering an unknown third party had gained access to the system used to create and track customer service orders, including NBN connections. The breach exposed around 280,000 active email addresses, 20,000 landline phone numbers, and additional personal details of thousands more customers.
"iiNet has been impacted by a cyber incident involving unauthorised access to its order management system by an unknown third party," the company said in a statement posted on its website Monday.
According to forensic experts investigating the breach, cybercriminals extracted a comprehensive list of customer contact information. The compromised data includes around 10,000 customer usernames, street addresses and phone numbers, plus approximately 1,700 modem setup passwords, the company said.
The breach also affected inactive customer accounts, though iiNet did not specify how many former customers were impacted.
Critical Systems Unaffected
iiNet emphasized that the compromised system did not contain the most sensitive customer information, including identity documents, financial data or payment details.
"The system contains limited personal information. Importantly, it does not contain copies or details of customer identity document details (such as passport or driver's licences), credit card or banking information," the company stated.
The telecommunications provider immediately activated its incident response procedures upon discovering the breach and engaged external cybersecurity specialists to assist with the investigation and system security restoration.
Government Agencies Notified
iiNet has contacted multiple government agencies about the incident, including the Australian Cyber Security Centre, the National Office of Cyber Security, and the Office of the Australian Information Commissioner, as required under Australia's data breach notification laws.
The company is making direct contact with affected customers to provide notification and guidance on protective measures they should take following the breach.
"We are making direct contact with affected customers to apologise and inform them of this incident, and to provide support and guidance on what to do next," iiNet said.
Customer Security Warnings
The company urged customers to remain vigilant for suspicious communications following the data exposure, particularly emails, text messages or phone calls that could be part of phishing or scam attempts.
"iiNet urges our customers to remain vigilant, especially to any suspicious communications received via email, text or phone call," the company warned. "If in doubt, contact iiNet directly or seek independent advice from trusted sources, including the Australian Cyber Security Centre."
Cybersecurity experts have previously warned that contact information obtained through data breaches often gets used in sophisticated phishing campaigns designed to steal additional personal information or financial details.
Recommended Security Measures
iiNet provided customers with a detailed list of protective actions, including immediately resetting passwords for online accounts where they may have used the same credentials as the compromised system.
The company specifically recommended customers "always use strong, unique passwords for all your accounts including any financial services accounts and update them regularly" and enable multi-factor authentication wherever possible for email, banking and social media accounts.
Additional recommendations include installing updated antivirus software and exercising caution with any unsolicited requests for personal information, regardless of the apparent source.
Support Infrastructure
To assist affected customers, iiNet established a dedicated support hotline at 1300 861 036, operating Monday through Friday from 8:30 a.m. to 8:00 p.m. and weekends from 9:00 a.m. to 5:00 p.m. Australian Eastern Standard Time.
The company committed to providing ongoing updates through direct customer communication, its website, traditional media and social media channels as the investigation continues.
Truth matters. Quality journalism costs.
Your subscription to Mencari directly funds the investigative reporting our democracy needs. For less than a coffee per week, you enable our journalists to uncover stories that powerful interests would rather keep hidden. There is no corporate influence involved. No compromises. Just honest journalism when we need it most.
Not ready to be paid subscribe, but appreciate the newsletter ? Grab us a beer or snag the exclusive ad spot at the top of next week's newsletter.
Historical Customer Data
The breach included information from former iiNet customers whose data remained in the system for legal, regulatory or operational requirements, the company disclosed.
"The incident involved a system that contained historical customer records. While you may not be an iiNet customer anymore, some of your information remained stored due to legal, regulatory, or operational requirements," iiNet explained.
This revelation suggests the actual number of individuals affected could extend significantly beyond current active customers, potentially including anyone who has used iiNet services in recent years.
Company Background
iiNet operates as one of Australia's major internet service providers, offering NBN broadband, mobile services and business telecommunications solutions across the country. The company serves hundreds of thousands of residential and business customers nationwide.
The breach represents a significant security incident for the telecommunications sector, which has faced increasing cybersecurity threats in recent years as attackers target companies holding large databases of customer information.
Ongoing Investigation
iiNet continues working with external cybersecurity experts to determine the full scope of the breach and implement additional security measures to prevent future incidents.
The company has not disclosed details about how the attackers gained access to the system or whether any ransom demands were made, citing the ongoing investigation.
Customers seeking additional information about the breach can visit iiNet's website or contact the dedicated support line. The company has also directed customers to government resources including the Australian Cyber Security Centre's website for additional cybersecurity guidance.
The incident serves as the latest reminder of the persistent cybersecurity threats facing Australian businesses and the importance of robust data protection measures in the telecommunications industry.
Got a News Tip?
Contact our editor via Proton Mail encrypted, X Direct Message, LinkedIn, or email. You can securely message him on Signal by using his username, Miko Santos.
Sustaining Mencari Requires Your Support
Independent journalism costs money. Help us continue delivering in-depth investigations and unfiltered commentary on the world's real stories. Your financial contribution enables thorough investigative work and thoughtful analysis, all supported by a dedicated community committed to accuracy and transparency.
Subscribe today to unlock our full archive of investigative reporting and fearless analysis. Subscribing to independent media outlets represents more than just information consumption—it embodies a commitment to factual reporting.
As well as knowing you’re keeping Mencari (Australia) alive, you’ll also get:
Get breaking news AS IT HAPPENS - Gain instant access to our real-time coverage and analysis when major stories break, keeping you ahead of the curve
Unlock our COMPLETE content library - Enjoy unlimited access to every newsletter, podcast episode, and exclusive archive—all seamlessly available in your favorite podcast apps.
Join the conversation that matters - Be part of our vibrant community with full commenting privileges on all content, directly supporting The Evening Post (Australia)
Catch up on some of Mencari’s recent stories:
It only takes a minute to help us investigate fearlessly and expose lies and wrongdoing to hold power accountable. Thanks!