iiNet investigation finalisation

6 March 2017
Tags: statement

Finalisation of iiNet investigation

6 March 2017

The Australian Information and Privacy Commissioner has finalised an investigation into an apparent data breach involving iiNet subsidiary Westnet.

The data breach had initially appeared to have occurred after a hacker compromised a Westnet legacy database containing the personal information of some Westnet customers, and offered the information for sale online. The Commissioner was concerned that this incident had revealed that some Westnet user passwords were stored in plain text.

In response to the investigation, iiNet confirmed that its own and WA police investigations had found no evidence of an unauthorised intrusion into the Westnet database. iiNet also conducted a number of actions including:

  • immediately shutting down the legacy database and migrating account details to another system where customer password details are stored with encryption.
  • undertaking a review of all iiNet’s customer databases and confirming that all customer passwords are stored in an encrypted form.

The Commissioner is satisfied that the matter has been adequately dealt with by iiNet.

Was this page helpful?

Thank you.

If you would like to provide more feedback, please email us at websitefeedback@oaic.gov.au