Queensland Water Supplier Suffers a Months-Long Undetected Security Breach

The largest national water supplier in Queensland, Sunwater, was targeted by hackers in a nine-month-long cybersecurity breach. The hackers left suspicious files on a web server to direct visitors to an online video platform.

Key Points

No customer or financial information got stolen in this breach. Sunwater admitted the breach after formally discussing the Queensland’s Audit Office report, which only mentioned the incident but did not specify which organization was hit.

Sunwater also stated that no financial or customer data leaks occurred and that no personal information was compromised. Additionally, the organization took necessary steps to improve security after unauthorized access was detected.

The cyber breach occurred between August 2020 and May 2021. It involved unauthorized access to the organization’s web server that stores customers’ information. Additionally, threat actors targeted older and more vulnerable versions of the system.

The report also stated that even though the institutions were prompted to improve the security of their information systems, very little was done to address the issues.
Additionally, there were multiple issues related to internal control, with 24 deficiencies being present in the sector. The most common issues that could cause cyber security breaches were related to access to electronic payment information, supplier information, and employee data.