A hacker has been able to send messages via text, email, and landline to tens of thousands of people across Australia after an emergency warning alert service, used by councils, was hacked.
- The company says a ‘small proportion’ of its database received a message from the hacker
- People who received the message are urged to delete it and not reply
- Police are investigating the breach
The message sent from the Early Warning Network on Friday night warned “EWN has been hacked. Your personal data is not safe. Trying to fix the security issues”.
It then included a link to a support email address and a website.
EWN said a hacker accessed its alerting system and sent the message to part of its database.
“This was sent out via email, text message and landline,” the company posted on Facebook.
“EWN staff at the time were able to quickly identify the attack and shut off our systems limiting the amount of messages sent out. Unfortunately, a small proportion of our database received this alert.”
The company urged residents to not click the links and to delete the message.
EWN managing director, Kerry Plowright, said the breach is believed to have come from within Australia and involved “compromised login details”.
“This event did not compromise anybody’s personal information,” he said.
“The actual data held in our system is just ‘white pages’ type data, we deliberately don’t hold any other personal information.
Email sent to some Queenslanders on January 5, 2019 telling them the Early Warning Network had been hacked. EWN said the message was sent by a hacker who accessed the alert system.
“The purpose of that notification from the person that sent it was to damage this business. It was malicious.”
Mr Plowright said not all of the company’s clients were affected, but those that were included local, state and federal government agencies.
The company said its warning system remained fully operational during the breach and that it was working with the Queensland Police and the Australian Cyber Security Centre on the investigation.
In Queensland, Gladstone, Tablelands, Ipswich, and Logan councils posted on their Facebook pages to warn residents about the breach.
Darwin residents also reported having received the scam texts and emails, with the EWN used by the Territory Insurance Office (TIO) to send out severe weather warnings, including for cyclones.
Mr Plowright said in the case of the NT, the EWN would usually be responsible for providing data to a number of “blue chip” clients, including councils, regarding when and how a cyclone could hit.
‘My heart dropped’
Mr Plowright said it was too early to tell if the attack would have a significant impact on the business, which began in a garage more than a decade ago.
“When this occurred, my heart dropped. I thought, ‘wow, okay, this is the worst possible thing I could ever imagine’,” he said.
“We’re not a big business, we’re not an IBM or a Telstra or something like that. We’re a relatively small business, so to us this is an extremely big deal and our reputation means everything.
“We’re incredibly embarrassed that we’ve put some of our customers through this embarrassment and they’ve been very gracious in that process.”
He said hacking has become a reality of doing business in the IT world, but the company would do everything it could to prevent further breaches.