Cyber Incident Victim: TPG Telecom
Date:
May 2021
Location:
Australia
Summary
A cybersecurity incident impacted two customers using TPG Telecom's legacy TrustedCloud hosting service, which operated in an isolated environment separate from the company's primary telecommunications infrastructure. The compromised service was already slated for decommissioning with minimal remaining users. In response, the organization enhanced security measures specific to TrustedCloud while also bolstering defenses across its broader business operations to prevent further breaches. No other brands, products, or customer services were affected by the isolated intrusion.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The incident involving TPG Telecom’s TrustedCloud service occurred on or around May 17, 2021, impacting two customers hosted on the legacy platform. TPG confirmed the breach was isolated to the TrustedCloud environment, emphasizing its standalone infrastructure separate from the company’s telecommunications networks and other systems. No customers from TPG’s other brands, products, or services were affected. The company did not disclose the nature of the intrusion, attacker methods, or specific data compromised but stated it had implemented immediate measures to enhance the security of the TrustedCloud service. Additionally, TPG bolstered cybersecurity defenses across its entire business as a precaution, despite expressing confidence that other environments remained unaffected.
TrustedCloud, acquired by TPG through its 2011 purchase of IntraPower, was already in the process of being decommissioned at the time of the incident and was scheduled for full retirement in August 2021. The service had only a "few" remaining customers, reflecting its phased obsolescence. TPG’s public disclosure to the ASX framed the breach within the context of winding down the legacy offering, though the company did not specify whether the decommissioning timeline was accelerated due to the incident. The Australian Signals Directorate acknowledged awareness of the attacker’s identity but withheld further details. No financial, operational, or customer-specific consequences beyond the two breached entities were reported, and TPG did not indicate regulatory penalties or third-party investigations stemming from the event.