The Australian telecommunications company Tangerine recently found itself in hot water after a data breach that exposed the personal details of approximately 232,000 customers. The hack occurred on February 18, 2024, impacting customers who were Tangerine users between June 2019 and July 2023. Experts now question whether more rigorous network penetration testing could have prevented the breach. Hackers managed to infiltrate an older customer database, gaining access to sensitive information including names, email addresses, postal addresses, and mobile phone numbers. Thankfully, the breach did not compromise financial details like credit card information, passwords, or identification documents, according to Tangerine.
Read our latest on 2024 Sees Breaches Boom and Investigations Bite to gain more insights into the causes and impacts of increased breaches.
The company identified the security breach on February 20 and promptly notified affected customers via email on February 21. Tangerine expressed sincere remorse for the incident and assured current customers that their accounts remained secure due to the implementation of multi-factor authentication (MFA).
Tangerine is currently investigating the cause of the breach, with the working theory pointing towards a single unauthorised user gaining access to the vulnerable database. The company has taken proactive steps to prevent similar incidents in the future. These measures include closing access to the compromised database, revoking the suspected hacker’s credentials, and implementing stricter password protocols across the board.
Even Tangerine CEO Andrew Branson said that he is more disturbed by the breach of the company’s data security than anyone else. He also highlighted that he and his brother have put everything into the building of this company, along with a very skilled team. He went on to say that anything that hurts the loyalty of their customers is a matter of great concern, and they apologise to them for this incident.
According to the cybersecurity experts at Cybernetic Global Intelligence, “This Tangerine breach is a reminder that legacy systems can be a major vulnerability. Securing outdated databases requires extra vigilance. Customers should be wary of phishing attempts that may exploit the exposed information.”
Additionally, they have brought in an external cybersecurity specialist to assist with the investigation and have contacted relevant authorities, including the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner.
Also, read How the Inspiring Vacations Data Breach Affected 112,000 Travellers and find out why cybersecurity measures in organisations are important.
What Tangerine Customers Should Do?
Tangerine’s data breach joins a string of telco security woes in Australia. The most prominent was the massive Optus cyberattack in 2022. That same year, Telstra accidentally exposed the personal details of unlisted customers, and both iiNet and Westnet faced hacks in December.
If you are a Tangerine customer, here are some crucial steps you should take to protect yourself:
Increase Vigilance: Tangerine recommends utilising resources from ID Care, Scamwatch, and the Australian Cyber Security Centre to gain valuable knowledge on protecting yourself online in the ever-evolving digital landscape.
Review Account Security: It’s a wise move to consider changing passwords for your email, banking, and any other important accounts you possess. If available, enable multi-factor authentication as an additional layer of security for your accounts.
Beware of Scams: Be cautious about sharing any personal details or passwords through email or private messages. Refrain from clicking on suspicious links or attachments that might land in your email or social media accounts. If you receive a call or SMS claiming to be from a financial institution or another organisation, exercise caution. Do not respond or click on any links provided. It’s best to simply hang up or block the sender’s number. You can then verify the legitimacy of the call or text message by contacting the organisation directly using a publicly available phone number.
Monitor Financial Activity: Closely monitor your bank and credit card statements for any unauthorised transactions. Consider setting transaction limits on your online banking and exploring enabling additional security measures offered by your financial institutions.
Protect Your Credit: If you’re concerned about the possibility of identity theft, you can explore placing a credit report ban. This will help prevent unauthorised access to your credit information and minimise the risk of someone fraudulently applying for loans in your name.
A Stark Reminder of Online Safety
The Tangerine data breach serves as a stark reminder of the importance of online safety. By following recommended security practices and remaining vigilant, you can significantly reduce the risk of being impacted by similar incidents. Remember, a little caution goes a long way towards protecting your personal information in today’s digital world.
In the wake of the Tangerine data breach impacting 230,000 customers, are you confident your network is safe? Don’t wait for a similar attack to happen to your business. Contact Cybernetic Global Intelligence today for a free consultation.