TPG Telecom Has Suffered a Cyber Security Incident
TPG said on Wednesday (14-Dec-2022) that its cyber security adviser, Mandiant, had informed it of a major cyber-attack on the company. During the attack, an attempt was made to hack the email accounts of 15,000 of the company's customers. These were the customers' corporate accounts, and through the attack the hackers were trying to get at the customers' financial information and cryptocurrency.
The breach was discovered during a forensic historical review by cybersecurity company Mandiant. According to a statement released by TPG, cybercriminals hacked into the primary exchange service to lift financial information and cryptocurrency.
TPG Telecom says it was made aware of the incident on 13 December when its external cyber security advisers, Mandiant, brought forth evidence of unauthorized access to a Hosted Exchange service used for iiNet and Westnet business customers.
Hosted Exchange is a Microsoft service with known vulnerabilities; providers in the telecommunications industry, such as iiNet and Westnet, use it to provide email hosting services to customers. The service affected in this breach hosts email accounts for up to 15,000 iiNet and Westnet business customers.
Impact:
The announcement has caused the company’s share price to dip by 4.73% today to $4.83 a share.
TPG's failure to respect its customers' privacy resulted in reputational harm, loss of personal information, and wasted resources. It can also put TPG in violation of the law and lead to large fines and legal claims.
Remediation:
- Identify the potential impact on customers and advise customers to reset their passwords and enable MFA (multi-factor authentication) immediately.
- Conduct a proper investigation of the incident to identify the root cause.
- Multi-factor authentication (MFA) can be implemented to restrict unauthorized access.
- Implement appropriate security solutions with zero-day attack detection capabilities to restrict malicious traffic, and monitor security events within the organization to detect and prevent cyber-attacks.
- Enforce a zero trust policy across the organization.
- Implement appropriate access controls to prevent any unauthorized user from accessing internal data.
- Keep all systems patched and up to date, including all hardware (mobile devices included), operating systems, software, and applications, as well as cloud locations and content management systems (CMS).