Breach Notification , Cybercrime , Fraud Management & Cybercrime

Breach at Aussie Telecom Tangerine Affects 232,000 Customers

Customer Accounts Were Secured by MFA, But Contractor's Credentials Exposed Data
Breach at Aussie Telecom Tangerine Affects 232,000 Customers
Image: Shutterstock

Australian telecom company Tangerine is blaming the compromise of a third-party contractor's credentials for exposing personal information of approximately 232,000 customers, which had been stored in a legacy database.

See Also: Stronger Security Through Context-aware Change Management: A Case Study

The telecommunications company confirmed Wednesday that the breach had occurred on Sunday and exposed customers' names, birthdates, mobile numbers, email addresses, postal addresses and Tangerine account numbers.

Tangerine, founded in 2014, provides internet broadband, SIM-only plans and 5G broadband services in Australia. The Financial Times ranked it as the fastest-growing telecommunications provider in the Asia-Pacific region for three consecutive years.

The provider said it had learned about the incident on Tuesday, immediately blocked the compromised user account's access to the network and systems, and shut off access to the affected legacy database.

"We can confirm that no credit or debit card numbers have been compromised, as we do not store this information. No driver's license numbers, ID documentation details, banking details or passwords have been disclosed as a result of this incident," the company said.

Tangerine CEO Andrew Branson said the company has taken steps in recent years to keep the data it holds to a minimum. "That’s why we don't hold any driver's licenses, any ID documents or any credit card numbers," he said.

The company added that all customer accounts are protected by multifactor authentication in the form of texted verification codes and are therefore secure from unauthorized access. "This incident does not affect the availability or operation of our nbn® or mobile services - they continue to operate as normal and remain safe to use," the company said.

Tangerine joins a list of leading Australian telecom giants hit by breaches in the past two years through third-party access to customer records.

To address these risks, the Australian government in November proposed designating the telecommunications industry as "critical infrastructure" under the Security for Critical Infrastructure Act.

"Reliable telcos are vital to Australia's national security. But right now they're not held to same standard as other critical infrastructure like our electricity or water systems," said Clare O'Neil, cybersecurity minister.

"That's why the Albanese Government is taking action to strengthen the cybersecurity of the telecommunication sector. We're bringing forward legislative changes so that our telco networks are held to the same standards as other critical infrastructure entities - including being required to develop a risk management program to plan for the full range of threats they face," she added.


About the Author

Jayant Chakravarti

Jayant Chakravarti

Senior Editor, APAC

Chakravarti covers cybersecurity developments in the Asia-Pacific region. He has been writing about technology since 2014, including for Ziff Davis.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.