TPG Telecom joins list of hacked Australian companies, shares slide
By Praveen Menon and Byron Kaye
(Reuters) – Internet services provider TPG Telecom Ltd became the latest Australian company to fall victim to a high-profile cyberattack, announcing on Wednesday that the emails of up to 15,000 of its corporate customers had been accessed.
Its shares fell on the news, closing down 2.8%.
At least eight other Australian companies have gone public about hacks since October, prompting public outrage and the government to say last week it is developing a new cybersecurity strategy to tackle threats. It is also considering banning the payment of ransom to cyber criminals.
TPG, Australia’s No. 2 internet service provider with 7.2 million accounts, said the primary aim of the hack of the hosted exchange service was to search for customers’ cryptocurrency and financial information. Its cybersecurity adviser Mandiant discovered the breach during a forensic historical review.
TPG doesn’t break out corporate account numbers, but about 29% of its pre-tax profit comes from corporate customers, according to its 2021 annual report.
The company said it had implemented measures to stop the unauthorised access and was contacting all customers on the exchange service affected by the incident.
Other recent high-profile cyberattacks include one on telecoms firm Optus — owned by Singapore Telecommunications Ltd – which reported a data breach of up to 10 million customers while health insurer Medibank Private Ltd has said personal and significant amounts of health claims data of around 9.7 million of current and former customers had been compromised.
A report from the Australian Cyber Security Centre in November blamed inadequate software updates for the majority of major cyberattacks.
Technology experts have warned that the hacks on top corporates have made Australian companies a target for copycat attacks just as a skills shortage leaves them understaffed and ill-equipped to stop it.
The attack on TPG “does show to the world and to Australia that it is still quite easy for hackers to access customer records, which is obviously a huge negative and a lot of the other companies should definitely be wary,” said Azeem Sherrif, a market analyst at CMC Markets.
Australia ranked equal-first in the world for companies reporting that their biggest cybersecurity challenge was finding people with the necessary skills, said Michael Mestrovich, chief information security officer at cybersecurity firm Rubrik.
“This lack of skilled cybersecurity talent has real world impacts,” he said.