Cyber security incident

Published on 04 June 2024

civic-centre2.jpeg

An investigation into a cyber security incident involving OracleCMS, who manage out-of-hours customer calls to Council, has now concluded.

The incident involved unauthorised access to OracleCMS’ systems, and the theft of data which was then published online.

The review of the data has confirmed that it is mostly historical data dating back from October 2015 to September 2018, which contained personal information such as the name and phone number of the person contacting our out-of-hours service to report an issue. In some instances, a street address, often relating to where an out-of-hours issue was identified, was also involved.

No financial information or passwords were contained in the information collected.

We apologise for any inconvenience to you because of this incident.

A statement by OracleCMS is available here: https://www.oraclecms.com/news/

Next steps

Council has also engaged the services of IDCARE, Australia’s national identity and cyber support community service.

They have expert Case Managers who can work with you in addressing concerns in relation to personal information risks and any instances where you think your information may have been misused.

IDCARE’s services are at no cost to you.

If you wish to seek advice from IDCARE in relation to this incident, please complete an online Get Help form at www.idcare.org and they will make contact with you.

Note IDCARE specialist Case Managers are available from 9am-5pm AEST Monday to Friday, excluding public holidays.

When engaging IDCARE please use the referral code CMSVGCM.

Stay Cyber Safe

We will never contact you to ask for usernames or passwords.

If someone says they are from Council and trying to do so, it is a scam. If a third party may have accessed your contact information, it is important to:

  • be aware of telephone and text-based scams
  • do not share your personal information with anyone unless you are confident about who you are sharing it with
  • use strong passwords
  • if you are asked to login, check the web address located in the address bar. If you're not sure, contact the business to check their website is legitimate
  • use multi-factor authentication for your online accounts, including your email and social media
  • ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts;

For more information Recover from a data breach