ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Tangerine Data Breach

tangerinetelecom.com.au
Limited exposure
Verified breach Passwords exposed
Accounts exposed 243,462
Breach date 18 Feb 2024
Added to tracker 28 Feb 2024
Data classes 7

What happened

In February 2024, the Australian Telco Tangerine suffered a data breach that exposed over 200k customer records. Attributed to a legacy customer database, the data included physical and email addresses, names, phone numbers and dates of birth. Whilst the Tangerine login process involves sending a one-time password after entering an email address and phone number, it previously used a traditional password which was also exposed as a bcrypt hash.

Exposed data

Dates of birth Email addresses Names Passwords Phone numbers Physical addresses Salutations

Recommended actions

  • Change your Tangerine password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Tangerine โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP