Australia is in the midst of an unprecedented wave of cyber crime against large organisations, and telecommunications companies have been a recurrent target. Starting with Optus, Telstra, Singtel, Medibank.
Now, another Australian telecommunications giant TPG has suffered a major cyber security incident, and it revealed an email hosting service used by up to 15,000 business customers has been breached.
TPG Telecom says it was made aware of the incident on 13 December when its external cyber security advisers, Mandiant, brought forth evidence of unauthorised access to a Hosted Exchange service used for iiNet and Westnet business customers.
Hosted Exchange is a Microsoft service used by providers in the telecommunications industry, such as iiNet and Westnet, to provide email hosting services to customers. The service affected in this breach hosts email accounts for up to 15,000 iiNet and Westnet business customers.
TPG said the “threat actor” behind the incident appeared to be aiming for customers’ cryptocurrency and financial information. The complete extent of the attack is yet to be disclosed, and the investigation is underway.
TPG says it has implemented measures to halt unauthorised access and has put in place further security measures more broadly.The incident reportedly does not affect any home or personal iiNet or Westnet products such as broadband or mobile.
The Privacy Legislation Amendment Bill 2022 passed both houses of Parliament in late November, introducing fines of $50 million to companies for “serious or repeated” privacy breaches.
The bill introduces new powers to the Office of the Australian Information Commissioner, Australia’s privacy watchdog, to better combat future data breaches.