Australian telecommunications provider Tangerine disclosed a recent cyberattack that compromised the personal information of approximately 230,000 individuals. The breach, discovered on February 20 but occurring on February 18, involved unauthorized access to a legacy customer database containing names, addresses, dates of birth, email addresses, mobile phone numbers, and Tangerine account numbers. However, sensitive data such as credit card numbers, identification details, and passwords were not compromised. Tangerine attributed the breach to attackers using the login credentials of a contractor and took immediate steps to contain the incident by revoking network and system access, removing access to the database, and updating team usernames and passwords. The breach did not impact Tangerine’s services or customer accounts, which are safeguarded with multi-factor authentication. The company began notifying affected individuals and urged them to remain vigilant against scams. Tangerine’s CEO, Andrew Branson, expressed regret over the incident and pledged to enhance security measures to prevent similar occurrences in the future. Established in 2014 and headquartered in South Melbourne, Tangerine offers NBN and mobile services throughout Australia.
Read more: https://www.securityweek.com/230k-individuals-impacted-by-data-breach-at-australian-telco-tangerine/