Tangerine Telecom, a challenger retail service provider, says a legacy customer database containing details of 232,000 current and former customers was accessed by an unknown party.
This incident occurred on the 18th of February, and the management team learned of this breach two days later.
“Approximately, 232,000 current or former Tangerine customer accounts are impacted dating from June 2019 to July 2023,” the telco said in a statement. All customers affected by this breach have been notified by the business.
How Did the Incident Happen?
The incident is still being investigated, however, the organisation has disclosed the cause of the incident was due to the compromise and access of a contractor’s login credentials. These credentials were used to access the legacy database which contained the customer records.
Tangerine has revoked all network and system access for the compromised account, and all staff usernames and passwords have been changed. Access to the legacy database has also been closed.
Data Accessed
The database accessed held valuable customer Personally Identifiable Information (PII) including:
- Full name
- Date of birth
- Mobile number
- Email address
- Postal address
- Tangerine account number
No driver’s licence numbers, ID documentation details, banking details or passwords have been disclosed as a result of this incident.
What Do I Do if I’ve Been Affected?
Customers are still able to access the company’s Self-Care Portal, but they will be required to authenticate with both their credentials and a one-time verification code (MFA) which will be sent to their mobile number or email address.
Customers are also being given the option to change their Tangerine account number and can set up security questions to strengthen their account security.
Affected customers are at an increased likelihood of receiving scam calls, texts and emails. Be wary of all emails you receive, including those purporting to come from Tangerine itself. If you are unsure of the legitimacy of an email or text message you receive, contact the sender directly (through an official contact channel) to confirm its legitimacy.
More information can be found on the company’s website – cyber incident media statement.
If you’re concerned you have become a victim of identity theft or have fallen victim to a scam, you can contact IDCARE, Australia’s national identity and cyber support service.
Source:
Recent Comments