Early Warning Network, a NSW company providing weather, fire and other alerts to councils and others, had a login compromised and used by an unknown party to make threats about customer security.
The company said on its website that the activity was detected and shut off at 9.30pm Saturday but not before the unauthorised party could cause problems.
“The EWN Alerting system was illegally accessed with a nuisance message sent to a part of EWN’s database,” it said in a statement.
“This was sent out via email, text message and landline.
“EWN staff at the time were able to quickly identify the attack and shut off the system limiting the number of messages sent out. Unfortunately, a small proportion of our database received this alert.”
Users reported receiving a spam text message on Saturday that read, “EWN has been hacked. Your personal data is not safe. Trying to fix the security issues”.
The company said this morning that the attack was undertaken “using illicitly gained credentials to login and post a nuisance spam-notification to some of our customers”.
Although the spam email contained a link and email address, they were “non-harmful”, EWN said.
In addition, “no information has been breached or lost,” the company said on Facebook.
“It was just a spam email”.
The company said investigations into the circumstances are continuing with the involvement of police and the Australian Cyber Security Centre.
EWN is owned by the ASX-listed company Aeeris. It said in a statement that "an external cyber security firm" has been called in to investigate the compromise, labelling it as "unauthorised server access" using compromised credentials.