Tangerine Telecom, a challenger retail service provider, says a “legacy” customer database containing details of 232,000 current and former customers was accessed by an unknown party via exploitation of a contractor’s credentials.
The seller of NBN and mobile services said in a statement on Wednesday that “the unauthorised disclosure of certain personal information” occurred on Sunday, and that the management team had learned of the incident on Tuesday.
“Approximately 232,000 current or former Tangerine customer accounts are impacted dating from June 2019 to July 2023,” the telco said in a statement, adding that all impacted customers were quickly notified.
“The following personal information was disclosed: full name, date of birth, mobile number, email address, postal address and Tangerine account number.”
While the investigation of the incident remains ongoing, Tangerine said that “login credentials of a single user engaged by Tangerine on a contract basis” were used to access the database.
“We have taken precautionary steps to fully revoke network and systems access for the individual user’s credentials and we have also changed all other team usernames and passwords,” Tangerine said.
“Access to the affected legacy database has also been closed.”
The company said it did not hold identity documents or payment details for customers.
“Thankfully, over recent years we’ve taken multiple pre-emptive steps which have included reviewing what data we really need to keep and what we can live without,” Tangerine CEO Andrew Branson said.
“That’s why we don’t hold any driver’s licences, any ID documents or any credit card numbers.”
Still, Branson said that “no one is more disappointed than me” at the incident taking place.
“As a founder-led organisation, my brother and I put everything we can into the business along with a very talented, committed team,” he said.
“Anything that negatively impacts our loyal customer base hurts, and we sincerely apologise to them for this incident.
“Moving forward, we are fully committed to learning from this incident and implementing necessary improvements to prevent similar occurrences in the future.”