Energy One, one of Australia’s largest energy suppliers, has suffered a cyber attack impacting its systems in Australia and the UK.
Energy One Limited (EOL) announced the cyber incident in a Monday release to the Australian Stock Exchange – stating it had established that “certain corporate systems” in Australia and the UK had been affected by a cyber attack.
The company, which is known for being the largest supplier of 24/7 operational energy services in Australia, said it took “immediate steps to limit the impact of the incident” and had disabled some links between its corporate and customer-facing systems to ensure customer security.
While EOL has started investigations and engaged cyber security specialists CyberCX in response to the incident, it has not publicly disclosed details such as who launched the attack or what data has been impacted.
“Energy One’s top priorities are the safety and security of its people, its customers, and its systems,” said EOL.
“Energy One’s response to this incident, and its investigation, is continuing.”
The company services customers from across the globe, including energy retailers, generators, users and traders ranging from startups through to multi-national organisations.
Board chair Andrew Bonwick told Information Age it was a particularly busy period for the company as it continues to work closely with relevant authorities in Australia and the UK.
Due to ongoing investigations, no further comment could be provided regarding who carried out the attack or what data was potentially impacted.
As part of its response, EOL said it is working to secure its systems and establish “whether or what” personal information and/or customer systems have been affected.
The company has alerted Australia’s lead cyber security agency, the Australian Cyber Security Centre (ACSC), alongside UK authorities.
“Energy One will continue to provide updated information as it gains greater clarity about the incident and the likely timeframe for its resolution,” said EOL.
Energy sector a growing target
Recent years have shown an alarming uptick in attacks targeting Australian energy providers.
In the ACSC Annual Cyber Threat Report for financial year 2021–22, the electricity, gas, water and waste service sector entered the top 10 sectors reporting cyber attacks – replacing the retail sector from the year prior.
With the top 10 accounting for approximately 75 per cent of all incidents for the financial year, the electricity, gas, water and waste service sector accounted for 3% – while the highest reporting non-government sector (health care and social assistance) accounted for 9%.
Landmark attacks against Australian organisations such as Medibank and Optus dominated the 2022 news cycle, but a slew of quieter attacks against energy providers raised concerns over threats facing Australia’s critical infrastructure.
“The risk to Australia’s critical infrastructure networks is real,” read the report.
“Even the most trivial exploitation can result in major impact, especially if malicious actors move laterally from internet-facing devices on corporate networks to the operational networks of critical infrastructure providers.”
In 2021, a major security incident saw the corporate ICT network of Queensland Government-owned electricity generator CS Energy – which generates 10 per cent of the electricity for the national electricity market – targeted by the Russia-linked ransomware group Conti.
Further incidents in 2022 saw energy providers EnergyAustralia and AGL hit by cyber attacks which impacted sensitive customer data, and as recently as last week, a dark web leak has appeared for Queensland-based electrical infrastructure company CB Energy.
The purported leak appeared on the site of prominent ransom gang Medusa, and contained alleged samples of contractor and driver licences, internal documentation, tax invoices and more.
At the time of writing, CB Energy had not released a public statement confirming the legitimacy of the purportedly stolen data.
