“Vocus Group Cybersecurity Incident: Email Accounts and SIM Swaps Exposed in October 2025 Attack”

By Azhar Khan

Overview: On 19 October 2025 Vocus Group — parent company of consumer brands including Dodo and iPrimus — experienced a cybersecurity incident that resulted in unauthorised access to a number of email accounts and a small number of SIM-swap events affecting mobile customers. The company temporarily suspended email services to contain the incident and worked to restore access while notifying impacted customers.

Scope & impact: The breach primarily affected business and consumer email systems and a subset of mobile accounts. Reported harms included mailbox access and several SIM swaps; there has been no public confirmation of large-scale exfiltration of entire customer databases.

What Vocus did: Vocus detected suspicious activity, restricted or suspended impacted email services to limit further access, initiated reversal of unauthorised SIM changes, and communicated with affected customers while coordinating with relevant authorities.

Immediate guidance for affected customers

  • Contact your mobile carrier immediately if you suspect an unauthorised SIM change and confirm any recent changes directly with the provider.
  • Reset passwords for affected email accounts and any services that use those addresses. Use strong, unique passwords and consider a password manager.
  • Enable multi-factor authentication (prefer authenticator apps over SMS where possible).
  • Monitor bank accounts, credit reports and identity-related services for signs of fraud and consider identity-recovery support if personal data may have been targeted.

Actionable steps for organisations

  • Force password resets for compromised mailboxes, review mailbox rules and audit admin activity for suspicious changes.
  • Harden protections against SIM-swap fraud by implementing carrier-level PINs/passphrases and stronger verification processes for number changes.
  • Review and exercise incident-response plans: rapid containment (including temporary service suspension) can limit escalation but must be paired with clear customer communications.
  • Share findings with regulators and national cyber authorities to enable coordinated response and threat intelligence exchange.
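
One way to carry out the mailbox-rule review from the list above, as an added example rather than anything published by Vocus or the author. It flags rules that forward mail outside the organisation or hide it from the owner; the export format, field names, domains and keyword lists are all assumptions made for illustration.

```python
# Assumed export shape; field names are hypothetical, not a vendor schema.
INTERNAL_DOMAINS = {"example.com.au"}  # constructed; replace with your domains
SENSITIVE_WORDS = {"password", "reset", "security", "verification", "sim"}
HIDING_FOLDERS = {"rss feeds", "archive", "junk email", "deleted items"}

def is_external(address):
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS

def audit_rule(rule):
    """Return the reasons a single rule deserves manual review."""
    findings = []
    targets = rule.get("forward_to", []) + rule.get("redirect_to", [])
    outside = sorted(a for a in targets if is_external(a))
    if outside:
        findings.append("forwards to external address: " + ", ".join(outside))
    if rule.get("delete"):
        findings.append("deletes matching mail")
    folder = (rule.get("move_to_folder") or "").lower()
    if folder in HIDING_FOLDERS:
        findings.append("moves mail to rarely-read folder: " + folder)
    words = {w.lower() for w in rule.get("subject_contains", [])}
    hits = sorted(words & SENSITIVE_WORDS)
    if hits and (rule.get("delete") or folder or rule.get("mark_read")):
        findings.append("hides mail mentioning: " + ", ".join(hits))
    return findings

def audit_mailboxes(export):
    """Map (mailbox, rule name) to findings for every flagged rule."""
    report = {}
    for mailbox, rules in export.items():
        for rule in rules:
            findings = audit_rule(rule)
            if findings:
                report[(mailbox, rule.get("name", "<unnamed>"))] = findings
    return report

# Constructed sample export, for illustration only.
SAMPLE_EXPORT = {
    "alice@example.com.au": [
        {"name": "Newsletters", "move_to_folder": "Reading", "subject_contains": ["digest"]},
        {"name": ".", "forward_to": ["alice.backup@mail.example.net"], "mark_read": True},
    ],
    "bob@example.com.au": [
        {"name": "cleanup", "subject_contains": ["Password", "SIM"], "delete": True},
    ],
}

if __name__ == "__main__":
    print(audit_mailboxes(SAMPLE_EXPORT))
```

Flagged rules are leads for a human reviewer, not verdicts: an owner may have a legitimate reason to forward or file mail, so confirm each one with the mailbox owner before removing it.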

Takeaway: The Vocus incident underscores persistent risks from credential compromise and SIM-swap fraud. Swift detection and containment limited visible impact, but both businesses and consumers should treat account compromise seriously: reset credentials, enable MFA, confirm carrier protections, and monitor for fraud.

Azhar Khan
Azhar is a seasoned Cybersecurity Professional with over 8 years of experience in Cybersecurity Research.