230k Individuals Impacted by Data Breach at Australian Telco Tangerine

Summary:
Public disclosure of breaches like this raises awareness within the telecommunications industry and among consumers about the importance of data security, potentially prompting other companies to review and enhance their own security measures.

Australian telecommunications provider Tangerine disclosed a data breach affecting 230,000 individuals, discovered on February 18 but announced two days later. Attackers accessed a legacy customer database containing personal details such as names, addresses, dates of birth, email addresses, mobile phone numbers, and Tangerine account numbers. However, sensitive information like credit/debit card numbers, driver’s license numbers, ID documentation, banking details, orwere not compromised.

Security Officer Comments:
The breach was believed to be initiated through the login credentials of a contractor. The company started notifying impacted individuals and advised vigilance against potential scams. CEO Andrew Branson expressed regret over the incident and outlined the company's commitment to learning from it and enhancing security measures. Established in 2014 and headquartered in South Melbourne, Tangerine offers NBN and mobile services across Australia.

Suggested Corrections:
Tangerine took immediate steps to contain the breach by revoking network and system access, removing access to the compromised database, and updating team usernames and passwords. Customer accounts, protected with multi-factor authentication, remained unaffected.

Link(s):
https://www.securityweek.com/230k-individuals-impacted-by-data-breach-at-australian-telco-tangerine/