iiNet Cyber Incident: What To Know And What To Do Next

iiNet, owned by TPG Telecom, is currently investigating claims that customer data is being sold on a cybercrime forum after a post appeared on 14 August. The seller alleges the information includes names, phone numbers, email addresses and dates of birth. iiNet is yet to confirm exactly what data is involved.

If you are an iiNet customer:

  • Be alert to phishing emails, texts or calls pretending to be iiNet
  • Do not click suspicious links or share personal information
  • Change passwords on any online accounts using your iiNet email
  • Enable multi-factor authentication (e.g. SMS, authenticator apps) wherever possible

If you are a business, this incident provides a reminder to double down on data control and response maturity. Ask yourself:

  • Which suppliers and systems store personal customer information on our behalf
  • Are we removing old data we no longer need
  • How quickly would we detect unauthorised access to customer-facing systems
  • When did our executives last practice a cyber breach scenario

Actions to prioritise:

  • Review third-party access and controls around customer data
  • Tighten real-time monitoring over public-facing systems
  • Run a breach simulation to sharpen decision-making under pressure