Australian ISP iiNet Reports Data Breach, Customer Accounts Stolen

Australian ISP iiNet confirms data breach as hackers stole 280,000 email accounts, phone numbers and user data using stolen employee credentials, TPG says.

Australian internet provider iiNet has confirmed a data breach in its order management system, with parent company TPG Telecom reporting that customer information was accessed using stolen employee credentials.

The breach was detected on Saturday, 16 August 2025, after attackers used stolen employee credentials to gain access to the system. According to TPG, the information exposed was limited in scope compared with other recent corporate breaches, but the details are still sensitive enough to cause problems for customers.

Initial investigations show that around 280,000 active iiNet email addresses were exposed, along with 20,000 landline numbers and about 10,000 usernames, street addresses, and phone numbers. A smaller but significant set of roughly 1,700 modem setup passwords was also compromised.

While the company says that no financial records, identity documents, or payment details were included, cybersecurity experts warn that personal contact information is often valuable to criminals who launch phishing and social engineering attacks.

TPG Telecom said it acted quickly once the breach was confirmed. The company disabled the compromised accounts, brought in external security specialists, and informed the Australian Cyber Security Centre, the National Office of Cyber Security, and the Office of the Australian Information Commissioner. This shows the seriousness of the case, since coordination with government agencies is only triggered in incidents considered significant.

If you are an iiNet customer, change any passwords linked to iiNet services, especially if the same credentials are used across multiple platforms. Remain alert for suspicious emails or calls that may try to exploit the exposed information.

This is not the first time TPG and iiNet have faced cybersecurity incidents. In December 2022, as reported by Hackread.com, hackers breached TPG Telecom’s email service and accessed client data.

This incident adds iiNet to the growing list of Australian companies that have been hit by cyberattacks in recent years. In September 2022, Optus, the country’s second-largest telecom firm, suffered a data breach that exposed the personal details of millions of customers. The incident also led the company to issue a public apology.

TPG has begun notifying both impacted and non-impacted customers as a precaution, offering resources to help them secure their accounts.