Tangerine, one of the country’s prominent telcos, found itself grappling with a recent cyber intrusion. The Tangerine data breach led to the unauthorized exposure of personal details belonging to 232,000 customers.
The data leak, which occurred on February 18, 2024, came to light when Tangerine’s management was alerted on February 20, 2024.
According to a statement released by the company on February 21, 2024, the compromised information included full names, dates of birth, mobile numbers, email addresses, postal addresses, and Tangerine account numbers.
However, reassuringly, sensitive information such as credit or debit card numbers, driver’s license numbers, ID documentation details, banking details, or passwords remained secure as the company does not store this data.
Tangerine Data Breach: The Official Response
Andrew Branson, CEO of Tangerine, expressed his deep regret over the Tangerine data breach incident, emphasizing the company’s dedication to its customers’ security. “No one is more disappointed than me,” Branson stated. “As a founder-led organization, my brother and I put everything we can into the business along with a very talented, committed team. Anything that negatively impacts our loyal customer base hurts, and we sincerely apologize to them for this incident”, reads the press release.
Branson highlighted the proactive measures Tangerine had taken in recent years to safeguard customer data, including a review of the necessity of retaining certain information. “Moving forward,” he affirmed, “we are fully committed to learning from this incident and implementing necessary improvements to prevent similar occurrences in the future.”
Upon discovering the Tangerine data leak, the telecommunication organization promptly launched an investigation to identify the root cause. Initial findings revealed that the breach stemmed from a legacy customer database and was traced back to the login credentials of a single user engaged on a contract basis.
The company immediately took steps to prevent further unauthorized access, revoking network and system access for the individual user and changing all other team usernames and passwords. Additionally, access to the affected legacy database was promptly closed.
Tangerine has engaged external cybersecurity specialists to conduct a comprehensive investigation and is collaborating with the Australian Cyber Security Centre while also notifying the Office of the Australian Information Commissioner of the incident. All impacted customers, spanning from June 2019 to July 2023, were notified via email on February 21, 2024.
Cyberattacks on Australia: A Concerning Trend for Organizations
Despite the Tangerine breach data incident, the organization assured customers that all accounts are protected with Multi-Factor Authentication (MFA), which remains unaffected. The incident has not disrupted the availability or operation of Tangerine’s services, including NBN and mobile services, which continue to operate as normal and remain safe to use.
The Tangerine data breach adds to a concerning trend of cyberattacks targeting Australia’s critical infrastructure and businesses. According to the Annual Cyber Threat Report by the Australian Signals Directorate, cyber incidents in Australia rose by 23% in the fiscal year ending June, with the average damage increasing by 14%. Large businesses suffered average costs of 71,600 Australian dollars ($46,375).
The report highlights the seriousness of cyber threats to vital infrastructure entities, exemplified by the November 10 attack on one of Australia’s major port operators, which paralyzed operations at four ports, including those in Sydney and Melbourne. Foreign state actors are suspected in some cases, with Russia and China implicated in malware-based hacks on critical infrastructure.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
