πŸ”’breach.co.nz Β· the NZ & Australia breach register πŸ›‘οΈ A Govern service
Register β€Ί πŸ‡¦πŸ‡Ί AU β€Ί Telco

iiNet (TPG Telecom)

πŸ‡¦πŸ‡Ί Australia Β· iiNet β€” TPG Telecom Β· Record AU-2025-0288
β—‹ Reported β€” awaiting official confirmation
Reported β€” awaiting official confirmation. The facts below are drawn from the organisation's own disclosure and credible reporting. Figures are as reported; unknowns are labelled, not estimated by us.
People affected
280,000 (approx)
Breach date
2025-08
Regulator
OAIC (notified)
Trust tier
B Β· Reported

Data exposed

Email addresses, usernames, phone numbers; some modem setup passwords Media-reported

Confidence: Confirmed = regulator/court Β· Company-confirmed = the organisation's own disclosure Β· Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In August 2025 TPG Telecom disclosed that its iiNet subsidiary’s order-management system had been accessed using stolen credentials, affecting an estimated 280,000 customers β€” with email addresses, usernames and phone numbers, and for a subset modem setup passwords, exposed [register-iinet].

Timeline

  • 2025-08 β€” Unauthorised access to the iiNet order-management system disclosed [register-iinet].

Current status

Disclosed; customers notified and credentials reset. Figures are as reported. [register-iinet]

Why it matters

Another reminder that a single compromised business system β€” not the core network β€” is often all an attacker needs to reach hundreds of thousands of customers.