TPG Telecom falls as email hack targets business users' crypto, financial info

Australia's No. 2 internet services provider TPG Telecom Ltd said on Wednesday (Dec 14) it had been notified of unauthorised access to a hosted exchange service that hosts email accounts of up to 15,000 business customers, dragging its shares over 5 per cent.

The incident is the latest in a series of high-profile hacks in Australia, including the country's second-largest telecoms firm Optus – owned by Singapore Telecommunications Ltd – and its biggest health insurer Medibank Private Ltd, which combined compromised some 14 million customer accounts.

A report from the Australian Cyber Security Centre in November blamed the jump in attacks in majority of the incidents on inadequate software updates.

TPG said on Wednesday the "primary aim" of the threat actor was to search for customers' cryptocurrency and financial information. Its cyber security adviser Mandiant discovered the breach during a forensic historical review.

"It does show to the world and to Australia that it is still quite easy for hackers to access customer records, which is obviously a huge negative and a lot of the other companies should definitely be wary," said Azeem Sherrif, a market analyst at CMC Markets.

TPG said it had implemented measures to stop the unauthorised access and was contacting all customers on the exchange service affected by the incident.

Earlier in October, the country's top telecom firm Telstra Corp Ltd reported a data breach relating to a third-party provider that exposed some historical employee details.

TPG's shares were down 4.7 per cent, against a 0.3 per cent rise in the broader market.

ALSO READ: In Australia, a hacking frenzy spurred by an undersized cybersecurity workforce