Riverina Water says its computer systems were broken into earlier this month but customer information and supply systems were not affected.
Subscribe now for unlimited access.
$0/
(min cost $0)
or signup to continue reading
Riverina Water confirmed on Monday that an electronic intrusion did result in a small amount of data being downloaded but did not result in significant impacts.
"An unauthorised third party gained temporary access to Riverina Water's IT systems on July 8," a Riverina Water spokesperson said.
"Corporate systems, such as those containing customer or payment information, were not accessed. There was no impact to water supply and no significant impact to operations following the incident."
The water authority supplies 73,000 people across more than 15,000 square kilometres of the Riverina, including Wagga City, Lockhart and parts of Greater Hume and Federation councils.
UTS Business School adjunct professor and former Whitehawk cybersecurity board member, Louise McElvogue, said it was possible that hackers carried out a 'penetration test' on Riverina Water.
"It could be someone testing to see how easy it is to get into a system; when I'm advising companies on cybersecurity it's all about deciding what is your Crown Jewels and needs to be in Fort Knox and what you leave less protected," she said.
"[The Riverina Water incident] could have involved of those systems that are less protected."
A Riverina Water spokesperson said a forensic investigation by external cyber security experts confirmed a small amount of data was downloaded from the organisation's servers.
"There is currently no indication that personal information relating to customers or suppliers was present in this dataset, however, we are investigating this as a priority in accordance with our privacy obligations," the spokesperson said.
"We treat all malicious cyber activity very seriously and are continuing to work with cyber security specialists in line with their recommendations."
Ms McElvogue said organisations behind vital infrastructure were now seeing their "worst case scenarios" becoming possible as professional hackers carried out more attacks to extort money or benefit foreign governments.
"It's our worst nightmare. It's like in the movies where they hack in and take control and shut off the water but unfortunately it's becoming reality," she said.
In other news
Riverina Water's systems were broken into about a day after thousands of organisations across the world were hit by hacking attacks through a security flaw in software made by the Kaseya company.
Riverina Water's statement did not address whether or not it was a victim of this particular wave of attacks or whether or not it had been subject to an attempted 'ransomware' attack whereby hackers lock up a system and demand payment to restore services.
"We are very conscious that malicious cyber actors can monitor public commentary on an incident and for this reason, while the investigation is ongoing, we will not provide additional details regarding it," a Riverina Water spokesperson said.
Riverina Water is far from alone in being targeted by hackers as the NSW Health, NSW Department of Education and the NSW Labor Party all suffered cyberattacks within the past three months.
"A forensic investigation by external cyber security experts confirmed a small amount of data was downloaded from our servers," a Riverina Water spokesperson said.
"There is currently no indication that personal information relating to customers or suppliers was present in this dataset, however, we are investigating this as a priority in accordance with our privacy obligations.
"We treat all malicious cyber activity very seriously and are continuing to work with cyber security specialists in line with their recommendations."
Our journalists work hard to provide local, up-to-date news to the community. This is how you can continue to access our trusted content:
- Bookmark dailyadvertiser.com.au
- Follow us on Twitter
- Follow us on Instagram
- Follow us on Google News
- Make sure you are signed up for our breaking and regular headlines newsletters