Tangerine cyber incident led to a data breach where hackers obtained the personal information of over 200,000 customers. The compromised data includes full names, dates of birth, email addresses, and mobile phone numbers.
Tangerine promptly notified customers via email, informing them that the breach occurred on February 18 and was reported to management two days later.
“We are writing to let you know that Tangerine has been impacted by a cyber incident that has resulted in the unauthorised disclosure of some of our customer data,”
“We are contacting you as unfortunately, we believe that some of your personal data was disclosed as a result of this incident and have launched a full investigation to determine the cause. Please note that this incident does not affect the availability or operation of our NBN or mobile services – they continue to operate as normal and remain safe to use.”
Tangerine said in a letter to customers.
Tangerine Cyber Incident Didn’t Compromise any Payment Card Info
Tangerine has assured customers that the data breach did not compromise any credit card or debit card numbers. However, the breach did involve the theft of personal information such as full names, dates of birth, mobile numbers, email and postal addresses, as well as Tangerine account numbers.
“No driver’s licence numbers, ID documentation details, bank account details or passwords were disclosed as a result of this incident,”
“Upon learning of the incident, we immediately began an investigation to determine how this incident occurred. This investigation is ongoing and is being treated with the utmost priority.
“We know that the unauthorised disclosure relates to a legacy customer database and has been traced back to the login credentials of a single user engaged by Tangerine on a contract basis.”
The company told customers.
Company Founders Disappointed by the Tangerine Data Breach
As a rapidly growing internet provider based in South Melbourne, the company is visibly disappointed by the impact this breach has had on approximately 232,000 of its current and former customers.
Tangerine was founded in 2013 by brothers Andrew and Richard Branson and remains committed to addressing and rectifying this unfortunate incident.
“No one is more disappointed than me. As a founder-led organisation, my brother and I put everything we can into the business along with a very talented, committed team,”
Chief executive Andrew Branson said in a statement.
“Anything that negatively impacts our loyal customer base hurts, and we sincerely apologise to them for this incident.
“Thankfully, over recent years we’ve taken multiple pre-emptive steps which have included reviewing what data we really need to keep and what we can live without. That’s why we don’t hold any driver’s licences, any ID documents or any credit card numbers.”
“Moving forward, we are fully committed to learning from this incident and implementing necessary improvements to prevent similar occurrences in the future.”
The company says in a statement
Tangerine has responded to the data breach promptly by engaging a cybersecurity specialist to conduct a comprehensive investigation. The company urges its customers to remain vigilant and exercise caution when receiving any communications purportedly from Tangerine Telecom.
In case of any concerns or additional support, customers can turn to government support services such as ID Care and the Australian Cyber Security Centre.
Tangerine Security Breach is Yet Another in a Series of High Profile Breaches
This incident contributes to the increasing number of high-profile data breaches. Victoria’s court system, for instance, recently experienced a ransomware attack that posed a potential risk to confidential testimonies stored in their archives.
In recent months, there have been notable cyberattacks affecting prominent organizations. St Vincent’s Health faced a cyberattack prior to Christmas, while DP World encountered a cybersecurity incident that led to temporary closures of its terminals in November.
The gravity of these concerns was underscored in 2022 when hackers targeted Optus, compromising the personal details of 10 million customers in September.
Shortly thereafter, they gained access to sensitive health information belonging to 9.7 million Medibank customers. The hackers progressively leaked this data in an attempt to extort ransom payments from the affected companies.
