Appreciate our quality journalism? Please subscribe here
DONATE
Melbourne-based Tangerine Telecom – a “telecommunications partner” of the Commonwealth Bank of Australia – has suffered a mass data breach, with personal details of more than 230,000 customer accounts exposed.
All of the records were part of a “legacy database”, in revelations that are likely to spark more debate over companies holding historical personal data.
Tangerine said the breach had been “traced back” to one of its own contractors, a “single user engaged by Tangerine on a contract basis”.
The “unauthorised disclosure” occurred on Sunday and was “first reported to Tangerine” yesterday, the company said.
The breach involved “approximately 232,000” customer accounts dating back nearly five years, with the most recent information mid-last year.
It involved the “full name”, “date of birth”, “mobile number”, “postal address“ and “email address” of customers.
“Approximately, 232,000 current or former Tangerine customer accounts are impacted dating from June 2019 to July 2023,” Tangerine said in a media statement Wednesday afternoon.
“All impacted customers have been notified by email on Wednesday 21 February 2024”.
Please SUBSCRIBE HERE and support our quality journalism
The CBA owns 30 per cent of both Tangerine Telecom and its sister company More Telecom, which it says are CBA “telecommunications parters”.
“We know that the unauthorised disclosure relates to a legacy customer database and has been traced back to the login credentials of a single user engaged by Tangerine on a contract basis,” Tangerine said.
“As soon as we learnt of this incident, we took steps to prevent any unauthorised access to our data”.
“We have taken precautionary steps to fully revoke network and systems access for the individual user’s credentials and we have also changed all other team usernames and passwords,” it said.
Tangerine said it had “notified” the Australian Cyber Security Centre and the Office of the Australian Information Commissioner” and had “engaged an external cyber specialist to undertake a full and thorough investigation”.
“We’re reliable, well priced, provide great service and part-owned by the Commonwealth Bank” – Tangerine
Tangerine said “access to the affected legacy database” had now “been closed”.
It did not state why it had a “legacy database”.
Some companies retain out-of-date personal details of current and former customers to on-sell the data.
In a statement Tangerine CEO Andrew Branson said it had taken “pre-emptive steps” in “recent years” to review “what data we really need to keep and what we can live without”.
“That’s why we don’t hold and driver’s licences, and ID documents or any credit card numbers,” he said.
Branson apologised for the breach.
“No one is more disappointed than me. As a founder-led organisation, my brother and I put everything we can into the business along with a very talented, committed team,” he said.
“Anything that negatively impacts our loyal customer base hurts, and we sincerely apologise to them for this incident”.
The company was “fully committed to learning from this incident” and “implementing necessary improvements to prevent similar occurrences in the future”, Branson said.
The Klaxon has obtained a copy of the letter Tangerine has sent to affected customers.
“We are writing to let you know that Tangerine has been impacted by a cyber incident that has resulted in the unauthorised disclosure of some of our customer data,” it states.
“We are contacting you as unfortunately, we believe that some of your personal data was disclosed as a result of this incident and have launched a full investigation to determine the cause.
“We wanted to notify you of this incident as it could increase your risk of being exposed scam or phishing attacks – where fraudulent phone calls, SMS or emails are sent to trick individuals into revealing personal information,” the letter states.
In 2022 the personal details of more than 10 million current and former customers of Singapore Government-owned telco giant Optus were leaked on the dark web.
At the time Optus announced a “review” by Big Four consultancy Deloitte, which it promised to make public but later refused to do so.
Optus is currently subject to a class action by law firm Slater & Gordon which is seeking to obtain the Deloitte report.
In November the Federal Court rejected Optus’ claim that it did not have to hand over the report on grounds of “professional privilege”.
In its bid to keep the report secret, Optus has appealed the ruling and a hearing is expected to be held in May.
Tangerine is “one of Australia’s fastest growing telcos” and provides “NBN and mobile services to tens of thousands of Australian households”, according to its LinkedIn page.
“We’re reliable, well priced, provide great service and part-owned by the Commonwealth Bank,” it says.
“Our phenomenal growth has also seen Tangerine ranked as the fastest growing telco in Asia-Pacific and Australia in the 2023 Financial Times High-Growth Companies Asia-Pacific list”.
BEFORE YOU GO: Please SUBSCRIBE HERE or support us by making a ONE-OFF DONATION. Thank you!
Anthony Klan
Editor, The Klaxon
Help us get the truth out from as little as $10/month.
Unleash the excitement of playing your favorite casino games from the comfort of your own home or on the go. With real money online casinos in South Africa, the possibilities are endless. Whether you’re into classic slots, progressive jackpots, or live dealer games, you’ll find it all at your fingertips. Join the millions of players enjoying the thrill of real money gambling and see if today is your lucky day!
The need for fearless, independent media has never been greater. Journalism is on its knees – and the media landscape is riddled with vested interests. Please consider subscribing for as little as $10 a month to help us keep holding the powerful to account.