Close up of hands on keyboard typing code

Who’s next? iiNet and Westnet the latest telcos to reveal a hack on customers

Up to 15,000 iiNet and Westnet business customers may have had their email accounts compromised, after a hacker gained access to each telco’s email hosting services.

Parent company TPG Telecom revealed the breach in a release to the Australian Securities Exchange (ASX). According to TPG, the hack was discovered by external cyber security firm Mandiant on December 13, after evidence of unauthorised access to a ‘hosted exchange service’ was uncovered.

The breached Hosted Exchange service was a Microsoft-hosted product that provides email services to iiNet and Westnet business customers. TPG said that its initial investigation indicated that the hack was an attempt to gain access to customers’ financial and cryptocurrency information.

At this stage, it’s unclear what information may have been exposed, but TPG said in the ASX statement that it has implemented security measures to prevent further attacks. The telco has also notified relevant government authorities, and is in the process of contacting iiNet and Westnet customers impacted by the hack.

“We apologise unreservedly to the affected iiNet and Westnet Hosted Exchange business customers,” the company said in the statement. “We continue to investigate the incident and any potential impact on customers and are advising customers to take necessary precautions.” 

What should I do if I’m an iiNet or Westnet customer?

According to TPG, the hacker only gained access to iiNet and Westnet’s business email hosting services, meaning residential customers weren’t impacted. If you have a personal phone or internet account with one of the two telcos, your data remains safe.

Although TPG Telecom owns several more major telecommunications brands – including TPG, Vodafone, Internode, Felix Mobile, AAPT, and Lebara – the attack, according to current information released by TPG, is so far limited to iiNet and Westnet business services.

TPG will be direct communication with affected customers, and more information is likely to come to light as the investigation proceeds. But if you’re an iiNet or Westnet customer worried about your personal data – or just want to know what to do in an email hack – there’s some quick steps you can take immediately.

  • Contact your bank or financial institution immediately. Your bank may be able to stop or reverse any transactions that have already occurred, and close down or block access to exposed accounts or credit cards.
  • Contact IDCARE online or by calling 1800 585 160. This is a free, government-funded service that can support you through identity theft or fraud.
  • Change any online passwords that may have been compromised, including banking, email, social media, etc. Enable multi-factor authentication where possible.
  • Monitor your accounts and credit cards for any suspicious activity.
  • You may also wish to place a temporary ban on your credit report to prevent hackers applying for loans in your name.
  • If you’re concerned about your tax file number or taxation information being accessed, contact the Australian Taxation Office.

Today’s TPG hack is the latest in a series of telco cyberattacks and data breaches. An Optus hack in September placed over nine million customers at risk of identity theft, while earlier this week Telstra confirmed that a database error had exposed the personal info of more than 130,000 unlisted customers.

Tara Donnelly
Utilities Editor
Tara Donnelly is an internet and mobile expert - sectors she’s spent a decade covering - and also oversees energy and consumer technology content. She holds a Bachelor of Communications from the University of Canberra and has shared her expertise on national media including 9 News, 7 News, Sunrise and the ABC.

Share this article