Overview

• The breach, discovered on August 16, also exposed about 20,000 active landline numbers plus historic email and phone records.
• Forensic checks indicate around 10,000 usernames with street addresses and phone numbers and roughly 1,700 modem setup passwords were accessed.
• The affected platform does not store credit cards, banking data or identity documents, which the company says were not compromised.
• iiNet removed the unauthorised access, engaged external cybersecurity firms, and notified the ACSC, NOCS, ASD and OAIC.
• Impacted customers are being contacted, a support line (1300 861 036) is live, and all users are urged to watch for phishing and enable multi-factor authentication.