iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Hundreds of thousands of customers of an Australian mobile, internet and NBN provider have had their data exposed in a cyber incident.
Tangerine Telecom has issued a statement revealing that a cyber incident has led to the disclosure of data belonging to 232,000 current and former customers dating from June 2019 to July 2023.
The attack reportedly occurred on Sunday, 18 February, with Tangerine discovering the attack days later on Tuesday, 20 February 2024.
Exposed information includes customer full names, dates of birth, mobile numbers, email addresses, postal addresses, and Tangerine account numbers.
“We can confirm that no credit or debit card numbers have been compromised, as we do not store this information,” wrote Tangerine today (21 February) in its media statement.
“No driver’s license numbers, ID documentation details, banking details or passwords have been disclosed as a result of this incident.”
While the exact cause of the incident is still unknown, Tangerine’s release suggests that someone using a single user account gained access to a legacy database containing the data.
As of today (21 February), Tangerine has sent emails to its customers notifying them that their personal information may be at risk.
“We are writing to let you know that Tangerine has been impacted by a cyber incident that has resulted in the unauthorised disclosure of some of our customer data,” the email said.
“We are contacting you as, unfortunately, we believe that some of your personal data was disclosed as a result of this incident and have launched a full investigation to determine the cause.”
It has also taken precautionary measures to prevent further damage, removing access to its systems and network from the user account in question, as well as changing all team usernames and passwords. It has also closed access to the legacy database.
“[Additionally,] we have engaged an external cyber specialist to undertake a full and thorough investigation, and we are in contact with the Australian Cyber Security Centre. We have also notified the Office of the Australian Information Commissioner of this incident,” it said.
Tangerine recommends that users change their credentials and apply for new account numbers, engage multifactor authentication (MFA), remain alert to any communications they receive from anyone claiming to be from Tangerine Telecom, and ignore requests for information.
“No one is more disappointed than me. As a founder-led organisation, my brother and I put everything we can into the business, along with a very talented, committed team,” wrote Tangerine chief executive Andrew Branson.
“Anything that negatively impacts our loyal customer base hurts, and we sincerely apologise to them for this incident.
“Thankfully, over recent years, we’ve taken multiple pre-emptive steps, which have included reviewing what data we really need to keep and what we can live without. That’s why we don’t hold any driver’s licences, any ID documents, or any credit card numbers.
“Moving forward, we are fully committed to learning from this incident and implementing necessary improvements to prevent similar occurrences in the future.”
Be the first to hear the latest developments in the cyber industry.
