Emergency Warning Network confirms breach
Emergency Warning Network (EWN) has confirmed its systems were breached after an unauthorised alert was sent out to customers of the Australian-based service on Saturday night.
The company that sends out emergency weather warnings Australia-wide said on Monday morning that the alert was made by an individual who obtained credentials to send the alert in an illegal manner.
“The unauthorised alert sent on Saturday night was undertaken by an unauthorised person using illicitly gained credentials to login and post a nuisance spam-notification to some of our customers,” EWN posted on its website.
The message read: “EWN has been hacked. Your personal data is not safe. Trying to fix the security issues.”
It also linked users to a bogus email address alongside a prompt to unsubscribe.
As first reported by the ABC, the unauthorised user sent messages via text, email, and landline to tens of thousands of people across Australia.
EWN is used by all levels of government.
EWN initially took to Facebook to tell users of its system that it had been compromised.
“At around 930pm [A]EDT 5th January, the EWN Alerting system was illegally accessed with a nuisance message sent to a part of EWN’s database,” the post reads.
“EWN staff at the time were able to quickly identify the attack and shut off the system limiting the number of messages sent out. Unfortunately, a small proportion of our database received this alert.”
EWN managing director Kerry Plowright told the ABC the breach is believed to have come from within Australia and called it a malicious attack.
“This event did not compromise anybody’s personal information,” he is quoted as saying. “The actual data held in our system is just ‘white pages’ type data, we deliberately don’t hold any other personal information.”
“The link used in this alert were non-harmful and your personal information was not compromised in this event,” Plowright added.
He also said that while not all of the company’s clients were affected, those that were included local, state, and federal government agencies.
EWN said its systems were quickly back up and running, providing ongoing alerts for severe weather and natural hazard events.
The company said investigations are continuing and it is working with the Police and Australian Cyber Security Centre.
Lawyers, accountants, and management types are the most likely to click on phishing links, according to the Notifiable Data Breaches report for July to September.
The SaaS-based recruitment firm has confirmed some data was compromised in the recent malware attack it suffered.
Thousands of people’s personal information may have been compromised after Family Planning NSW’s online databases suffered a ransomware attack last month.
Data breaches can be chaotic and stressful episodes. Learn the most effective actions you can take to help plan for these turbulent events.
Security is everyone’s problem, but CEOs should make sure their organisation doesn’t block its success. Gartner offers eight situations for CEOs to avoid if a breach occurs within their organisation.