We sent this advice to our customers earlier today:

Tower Systems website hacked

A representative of CERT Australia, part of the Federal Attorney-General’s Department, contacted us this morning and advised that our website had been hacked. They discovered this on seeing some user and company data on a platform commonly used by hackers.

We have confirmed the authenticity of the data.

From what we understand, the information hacked is user email addresses and Tower website usernames. We do not store any customer financial records or banking information on our website.

Our website is hosted off site in a commercial server farm with a high level of security. The same server farm is used by RMIT, Fosters, kikki.k, Hallmark and Australia Post. That the hacker got into our website back end demonstrates a level of determination and skill.

The next time you log into our website you will be asked to change your password. Please log in and do this ASAP.

We have today made a number of back end changes to security. Plus we are working with the off-site server farm business.

It is possible that the main impact of the hack will be an increase of spam emails to you. We apologise for this.

For the record, I note that our CRM (Customer Relationship Management) system in which all support call records are maintained is separate to our website and hosted out of the US. The hacker has not chested this site.

Also, to be certain, when you purchase items through our website, all payment details are handled directly by the ANZ with no payment data recorded or kept by us.

Mark Fletcher
Managing Director
M | 0418 321 338

Gavin Williams
Chief Operating Officer
M | 0418 554 759

Update: we now know how our website and others were hacked. We have other evidence which will help the investigators of the crime.