Cyber Incident Victim: TPG Telecom

On December 13, 2022, TPG Telecom’s external cybersecurity advisers Mandiant identified evidence of unauthorised access to a Hosted Exchange service used by iiNet and Westnet business customers. The intrusion was discovered during a forensic historical review conducted as part of Mandiant’s ongoing cyber protection services for TPG Telecom. Preliminary analysis indicated the threat actor primarily sought to locate customers’ cryptocurrency holdings and financial data. The breach impacted email accounts for up to 15,000 business customers across iiNet and Westnet brands. TPG Telecom confirmed the incident exclusively affected commercial users of the Hosted Exchange platform, with no compromise detected in residential or personal services including broadband and mobile offerings. The company implemented immediate measures to terminate the unauthorised access upon Mandiant’s discovery.

TPG Telecom publicly disclosed the incident on December 14, 2022, through an Australian Securities Exchange announcement. Security enhancements were applied to the Hosted Exchange environment following containment. The organisation initiated direct communications with all affected business customers regarding the breach and recommended precautionary measures. Relevant Australian government authorities received formal notification, though specific agencies weren’t named in the disclosure. TPG Telecom issued an unreserved apology to impacted commercial clients while emphasising the investigation remained ongoing through Mandiant’s forensic work. No customer data exfiltration or systemic service disruptions were confirmed in the initial findings. The company committed to providing further updates to affected parties as the investigation progressed, maintaining that non-Exchange products and consumer accounts operated outside the compromise scope.