TPG Telecom, Australia’s second-largest internet services provider, disclosed an “unauthorised access” to a hosted exchange service that holds the email accounts of 15,000 business customers.
“On 13 December 2022, TPG Telecom’s external cyber security advisers, Mandiant, advised that they found evidence of unauthorised access to a Hosted Exchange service which hosts email accounts for up to 15,000 iiNet and Westnet business customers,” the company said in a statement filed at the Australian Securities Exchange (ASX).
“Based on the preliminary analysis undertaken to date it appears the primary aim of the threat actor was to search for customers’ cryptocurrency and financial information,” it added, assuring that the incident did not affect any home or personal iiNet or Westnet products, such as broadband or mobile.
The incident is the most recent in a string of high-profile breaches in Australia.
Breach and patch
According to the company, Mandiant came across an unauthorized access attempt during their threat-hunting exercise, and later it was found out that the threat actor had successfully infiltrated the organization.
We have implemented measures to stop unauthorized access, further security measures have been put in place, and we are in the process of contacting all affected customers on the Hosted Exchange service. We have notified the relevant government authorities,” TPG said
A Hosted Exchange service is a Microsoft product that iiNet and Westnet use to provide email services to customers, usually as part of a business or home broadband service package. The organization has not revealed the data that was accessed during the attack but assured that an investigation is underway and affected customers will be notified.
