iiNet hacked: customers' emails, phone numbers exposed

Another 10,000-odd iNet user names, street addresses and phone numbers and about 1700 modem set-up passwords were also believed to have been accessed by an unknown third party.

The third party gained access to its the system after stealing account credentials from an employee, early investigations suggest.

The hack was confirmed on Saturday but TPG did not notify iiNet customers or its shareholders until Tuesday morning.

"We unreservedly apologise to our iiNet customers impacted by this incident," TPG said in a statement to the Australian Securities Exchange.

"We will be taking immediate steps to contact impacted iiNet customers, advise of any actions they should take and offer our assistance.

"We will also contact all non-impacted iiNet customers to confirm they have not been affected."

The system caught up in the data breach is used to track iiNet orders such as broadband connections.

No credit cards, banking details or customer ID documents such as passports or driver's licences were exposed as that information was not held in the system, the company said.

The telco has removed the unauthorised access from its system and hired external IT and cyber security experts to assist its response.

It is also liaising with the Australian Cyber Security Centre, the National Office of Cyber Security, the Office of the Australian Information Commissioner and other relevant authorities.

"We do not currently have any evidence to suggest an impact to our broader systems or other customers," TPG said.

TPG Telecom Group holds the second largest share of Australia's internet market, with TPG, Vodafone, iiNet and Internode among its stable.

iiNet customers have been urged to remain vigilant to any suspicious communications received via email, text or phone call.

A dedicated hotline has been set up for customers with concerns.