Forensics , Security Operations
Australian Telecom Giant TPG Discloses Email HackThreat Actors Searched Email Inboxes for Cryptocurrency and Financial Information
Australian telecom and internet service provider TPG Telecom disclosed a data breach detected by an outside cybersecurity forensics team conducting a historical review.
See Also: LIVE Webinar | Stop, Drop (a Table) & Roll: An SQL Highlight Discussion
The Microsoft Exchange email accounts of as many as 15,000 customers at subsidiaries iiNet and Westnet may be affected by the breach, TPG disclosed in a Wednesday filing to the Australian Securities Exchange.
It appears, TPG wrote, that hackers searched inboxes for data on cryptocurrency and other financial information they could steal. "We have implemented measures to stop the unauthorized access, further security measures have been put in place, and we are in the process of contacting all affected customers on the Hosted Exchange service," the company said. "We have notified the relevant government authorities."
Consumer products were not affected, the company said. TPG encompasses a slew of brands including mobile carrier and ISP brands such as Vodafone, AAPT, Internode, Lebara and Felix.
Cybersecurity firm Mandiant, now owned by Google, notified TPG about the attack on Tuesday. Mandiant has an "ongoing engagement to assist with cyber protection" and was in the process of sifting through historical data when analysts spotted the intrusion.
The breach adds to a growing list of cyberattacks on Australia's telecommunication industry.
Only days ago, Telstra published names, numbers and addresses of over 130,000 customers whose details were supposed to be unlisted. The company blamed a "misalignment of databases" (see: Australian Telecom Firm Leaks Data of 130,000 Customers).
Telstra in October also acknowledged a "minimal risk" data breach it attributed to a third-party provider of a now-obsolete employee rewards program (see: Another Telco Breach Rocks Australia).
In September, hackers breached Optus and gave it a $1 million extortion demand (see: Optus Under $1 Million Extortion Threat in Data Breach).
An apparent wave of hacking has led the country's top cybersecurity official to pledge Australia will transform into "the world's most cyber-secure country by 2030" (see: Australia Aims to Be World's 'Most Cyber-Secure' Country).