The City of Murfreesboro has disclosed a security incident involving the online portal for its Water Resources Customer webpage.

In early August, IT personnel for the Rutherford County municipality detected some security issues affecting the online portal for the Water Resources Customer webpage. Tennessean reported that they decided to shut down the portal so that they could investigate the issues. In so doing, they closed off the ability for customers to make online payments. They therefore took to Twitter to keep customers informed.

The IT department’s investigation revealed that digital attackers had gained access to the online portal via a single page containing old scripts. Those individuals then leveraged that access to deface the webpage by inserting images of both the Iranian flag and a Guy Fawkes mask. They also posted the text “Hacked by Iranian Hackers” and ” Hacked by Mamad Warning” along with the following message:

We are always closer to you. Your idenity[sic] is known to us. Your information is for us 😉 take care.

A screenshot of the hacked online portal. (Source: News Channel 5 Nashville)

IT had not attributed the bad actors responsible for the compromise by the time of Tennessean’s reporting. But it had determined that the attack did not expose any customer information. It had also predicted that it would be able to restore access to the portal by 5 August, if not sooner, while it worked to update the old scripts used by the municipality.