232,000 Tangerine customers’ personal information has been leaked

Internet provider Tangerine has today announced that it has been impacted by a cyber incident resulting in 232,000 current and former customers' personal data (dating from June 2019 to July 2023) being leaked. It is believed the breach occurred on Sunday, February 18, and that management was notified on Tuesday, February 20.

In an email to affected customers, Tangerine warned that the following personal information may have been exposed:

• Full name
• Date of birth
• Mobile number
• Email address
• Postal address
• Tangerine account number

The provider says no payment information was leaked, as they do not store it, nor were any driver's license or ID documentation details, bank account information or passwords.

Although the investigation into the breach is ongoing, Tangerine revealed it had honed in on a suspect.

"We know that the unauthorised disclosure relates to a legacy customer database and has been traced back to the login credentials of a single user engaged by Tangerine on a contract basis," the provider said in the email to affected users.

In a press statement, Tangerine CEO Andrew Branson said, "No one is more disappointed than me."

"Anything that negatively impacts our loyal customer base hurts, and we sincerely apologise to them for this incident."

In addition to revoking the suspect's network and systems access, Tangerine has engaged a third-party cyber security specialist to lead an investigation into the breach, and both the Australian Cyber Security Centre and Office of the Australian Information Commissioner have been informed.

Tangerine says it will inform affected customers about any compensation that may be available after it finishes the investigation.

Tangerine claims it's safe for users to access the company's Self Care Portal, but that it will send a one-time verification code to users' mobile numbers and email addresses to verify their identity before giving them access to their account.

The provider is also offering customers the option of changing their Tangerine account number and setting up additional security questions to strengthen their accounts moving forward.

Unfortunately, as a result of the incident, affected customers are at an increased likelihood of receiving scam calls, texts and emails. Tangerine recommends those affected by the breach be wary of all emails they receive, including those purporting to come from Tangerine itself. If you are unsure of the legitimacy of an email or text message you receive in the wake of this incident, contact the sender directly (through an official contact channel) to confirm.