Australia’s telecommunications sector has been hit once again, with TPG Telecom’s iiNet subsidiary revealing a data breach affecting 280,000 customers.

The incident, which involved stolen employee credentials, highlights the telecom industry’s ongoing vulnerability to phishing attacks.

According to Australian software firm Airteam, the attack mirrors TPG’s own 2022 breach, highlighting why credential theft remains the leading cause of cyber incidents nationwide.

“Phishing and compromised credentials account for 35% of all cyber incidents, yet we keep seeing the same telecom providers fall victim to identical attack methods,” said Rich Atkinson, Executive Director of Technology at Airteam.

“TPG, Telstra, and Tangerine Telecom have all suffered credential-based breaches, showing this attack vector continues to succeed despite industry awareness.”

The trend extends across multiple providers.

Telstra’s November 2024 breach exposed 47,300 employee records through stolen login credentials, while Tangerine Telecom’s February 2024 incident affected 230,000 customers after a contractor’s compromised credentials accessed an unsecured database.

Australia’s largest telecom breach to date, the 2022 Optus incident affecting 9.8 million customers, occurred via an unprotected API rather than credential theft.

Nevertheless, the stolen data from that breach fueled widespread phishing campaigns targeting affected customers.

“When the same credential-based attack method works repeatedly, we’re not seeing sophisticated new threats but fundamental authentication weaknesses,” Atkinson said. “Australian enterprises are failing to implement systems that assume credentials will be compromised and protect accordingly.”

Since 2022, repeated credential-based attacks have exposed over 10 million Australians to potential data breaches, with each incident following a predictable pattern of phishing credentials, accessing legitimate systems and extracting customer data.

“This pattern shows reactive security measures aren’t enough,” Atkinson added. “Australian businesses need security-by-design approaches that anticipate credential compromise rather than simply responding to it.”