iiNet Cyber Security Breach Exposes Data of 280,000 Customers

Australia’s internet service provider iiNet, owned by TPG Telecom, has confirmed a major iiNet cyber security breach that exposed the personal details of more than 280,000 customers.

In its statement, the company stated that hackers had accessed its order management system on August 16, 2025, with stolen employee credentials. Such a system was the one to manage NBN connections and other services, as sensitive information about the customers was stored there.

The iiNet cyber security breach has affected the active and inactive email addresses, landline phone numbers, usernames, and street addresses, according to iiNet. Around 1,700 modem setup passwords were also exposed, raising concerns about potential risks to home internet security. Significantly, the company made some key points in its statements that no money-related data or identity documents like passports and driver’s licences were also stored in the compromised system.

iNet has implemented its incident response plan, blocked unauthorized access, and informed outside cyber experts to limit the damage. There are liaisons of the company with the cyber cybersecurity centre in Australia, such as the National Office of Cyber Security and the Office of the Australian Information Commissioner. Customers impacted by the iiNet cybersecurity breach are being directly contacted, while a dedicated hotline and online help page have been set up.

Cybersecurity experts warn that while financial data was not exposed, the leaked information could still be used in phishing, impersonation, or social engineering scams. iiNet has advised customers to reset their passwords, enable multi-factor authentication (MFA) where possible, and stay alert for suspicious messages or calls.

The iiNet cyber security breach adds to the growing number of cyberattacks in Australia, underscoring the urgent need for stronger measures to protect customer data from increasingly sophisticated threats.