Cyber Incident Victim: Tangerine Telecom
Date:
Feb 2024
Location:
Australia
Summary
Tangerine Telecom experienced a cyberattack resulting in unauthorized disclosure of personal data from over 200,000 current and former customers, including full names, dates of birth, email and postal addresses, mobile numbers, and account numbers. The breach originated from compromised login credentials of a single contractor accessing a legacy customer database, with no impact on service availability. Sensitive information such as driver’s licenses, ID documents, financial details, or passwords remained unaffected due to prior data minimization practices. The company initiated an investigation with cybersecurity specialists, notified impacted individuals, and issued a public apology while emphasizing ongoing operational security. This incident aligns with broader cybersecurity challenges faced by Australian organizations in recent years.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 18, 2024, Australian internet service provider Tangerine Telecom suffered a cyberattack resulting in unauthorized access to a legacy customer database containing personal information of current and former customers. Management was notified of the breach two days later on February 20. The compromised data included full names, dates of birth, email addresses, mobile phone numbers, postal addresses, and Tangerine account numbers for approximately 232,000 individuals. According to the company's customer notification, the breach originated from compromised login credentials belonging to a single contractor engaged by Tangerine. No operational systems affecting NBN or mobile services were impacted, with services continuing normally throughout the incident.
Tangerine immediately initiated an investigation upon discovery, engaging cybersecurity specialists to determine the root cause while maintaining that no financial data, identification documents, or passwords were exposed. CEO Andrew Branson confirmed the company's preemptive data minimization efforts in recent years prevented the storage of driver's licenses, credit card numbers, or bank account details in the affected database. The company advised customers to exercise caution regarding suspicious communications and provided contact information for ID Care and the Australian Cyber Security Centre. This incident follows multiple high-profile Australian breaches in 2022-2024, including attacks on Optus, Medibank, DP World, and Victoria's court systems. Tangerine's leadership acknowledged the breach's impact on customer trust while emphasizing ongoing improvements to prevent future occurrences.