TPG Telecom said on Monday morning that it had the data of two customers accessed on its legacy TrustedCloud hosting service. It added it did not believe any other customers were impacted by the breach.
"The incident was isolated to the TrustedCloud service. The TrustedCloud service is hosted in a standalone environment that is separate from our telecommunications networks and other systems," the company told the ASX.
"The incident has not impacted customers from any of our other brands, products or services."
TPG Telecom gained TrustedCloud when it purchased IntraPower in 2011, with the service being "in the process of being decommissioned" and set to disappear in August. The telco said the service had only a "few" remaining customers.
"We have introduced measures to improve the security of the TrustedCloud service," TPG said.
"Although we are confident this incident has not impacted our other environments, we have also increased the cybersecurity defences across our entire business."
Earlier this month, the Australian Department of Parliamentary Services has said its March outage was a result of a deliberate choice to shut down its legacy mobile device management (MDM) system after it saw an attempted intrusion on the parliamentary network.
"The attack did not cause an outage of the DPS systems. DPS shut down the MDM system. This action was taken to protect system security while investigation and remediation were undertaken," DPS said.
"To restore services, DPS brought forward the rollout of an advanced mobile services solution that replaced the legacy MDM. The new solution provides greater security and functionality for mobile devices. This rollout was a complex activity and extended the outage experienced by users."
The legacy MDM system remains in use in a limited capacity.
The Australian Signals Directorate said it knew who conducted the attack, but would not say who.