Queensland water supplier Sunwater has suffered a cybersecurity breach that went undetected for months. 

Sunwater says hackers gained access to its systems for up to nine months before being detected, allowing them to place files on a web server to redirect visitor traffic to an online video platform.

Sunwater gave details of the breach after it was mentioned in a Queensland Audit Office report into the state's water authorities.

The breach occurred between August 2020 and May 2021 and involved unauthorised access to parts of a server that stored customer information.

However, a spokesperson for the group said last week that no financial or customer data had been compromised and that it has improved security since the unauthorised access to its online content management system was detected.

“Sunwater takes cyber security very seriously and acknowledges the findings in the Queensland Audit Office report,” it said.

The audit office investigated six water authorities including Seqwater, Sunwater, Urban utilities, Unitywater, Gladstone Area Water Board and the Mount Isa Water Board. 

It highlighted deficiencies in internal controls including those used for funds transfer payment information, calling for immediate action to fix “ongoing security weaknesses in information systems”.

A copy of the report and its recommendations is accessible here.