Posted by Harry Baldock : Attackers reportedly hacked into an order management system from TPG’s subsidiary, the broadband provider iiNet Australia’s TPG has become the latest telco to suffer a major cybersecurity breach this weekend, with data having been exfiltrated from its ISP subsidiary, iiNet.
The breach occurred on August 16, where reports suggest it was quickly detected and contained. Nonetheless, the attack reportedly compromised around 280,000 active email addresses; 20,000 active landline phone numbers; 10,000 iiNet customer names, street addresses, and phone numbers; and 1,700 modem setup passwords.
“We unreservedly apologise to our iiNet customers impacted by this incident,” TPG said in a statement to the Australian Securities Exchange. “We will be taking immediate steps to contact impacted iiNet customers, advise of any actions they should take and offer our assistance. We will also contact all non-impacted iiNet customers to confirm they have not been affected.”
No sensitive customer information, like bank details or personal identity documents, was impacted by the breach, as this data was not stored in the iiNet order management system.
“We do not currently have any evidence to suggest an impact to our broader systems or other customers,” TPG said.
TPG says it is working closely with the Australian Cyber Security Centre, National Office of Cyber Security, Australian Signals Directorate, and the Office of the Australian Information Commissioner to better understand the breach and take appropriate action.
Investigations into how the attackers gained access to these systems are underway, with early indications suggesting that account credentials had been stolen from an employee.
The first half of this decade has not been kind to TPG when it comes to cybersecurity. The company’s Hosted Exchange service, which provides email hosting for iiNet and Westnet business customers, was notably hacked at the end of 2022, impacting around 15,000 business customers. The attackers appeared to be accessing customers’ cryptocurrency and financial information.
Investigations into this attack are still ongoing.
Both attacks combined, however, still pale in comparison to that experienced by TPG’s rival Optus in 2022, when bad actors gained access to the data of up to 10 million of the company’s current and former customers. Illegally obtained information included customers’ names, dates of birth, home addresses, and more.
While a ransom of $1.5 million was initially demanded for the return of the data, the attacker ultimately backed down, allegedly deleting the stolen data due to the unwanted attention it garnered from law enforcement.Keep up with all the latest telecoms news with the Total Telecom newsletter TPG suffers data breach impacting 280,000 customers | Total Telecom
Facebook has revealed its first full-scale drone, which would be used to provide internet access in remote parts of the world. The solar-powered drone, code-named ''Aquila,'' would be able to stay up in the air for three months at a stretch, sending data to a base station on the ground using a laser. The company planned to use a linked network of drones to provide internet access to large rural areas. However, as with its Internet.org project, Facebook would not be dealing with customers directly, rather it would use local ISPs to offer the service. Jay Parikh, Facebook's vice-president of engineering, said: ''Our mission is to connect everybody in the world. This is going to be a great opportunity for us to motivate the industry to move faster on this technology.'' The social network said it would test the aircraft, which has the wingspan of a Boeing 737, in the US later this year. According to Yael Maguire, the company's engineering director of connectivity, the plane would operate between 60,000ft (18km) and 90,000ft (27km) - above the altitude of commercial airplanes - so it would not be affected by weather. The plane would fly at the maximum altitude during the day, before gliding slowly down to its lowest level to conserve power when its solar panels were not receiving charge. The sun-powered Aquila drone was built over 14 months ago and it would be in the air for 90 days at a time. It would be launched with helium balloons to be able to achieve its altitude. The Aquila programme was tested in The UK in March, and was expected to increase the internet speed and provide access to about 10 per cent of the population who did not have connections, and who were far from landlines and cell towers. The social network's Internet.org initiative was targeted by activists for providing users with a limited version of the web. Internet.org customers who accessed the internet for free, would only have access to selected services like weather, job listing, Facebook and Wikipedia. 
. For further concise, balanced comment and analysis on the week's news, try The Week magazine. 