Cyber Incident Victim: Goulburn Mulwaree Council

The Goulburn Mulwaree Council experienced a cyber incident that targeted its official presence on the social media platform Facebook. The attack occurred in July 2023, leading to the complete compromise of the council's previous Facebook page. As a direct result of this security breach, the council was forced to make the decision to shut down the affected page entirely. The severity of the compromise was such that recovery of the original page was deemed impossible by council staff and their external partners. This loss meant that all existing content, follower connections, and community engagement history associated with the original page were permanently lost, severing a key digital communication channel between the local government and its constituents.

Following the attack and the subsequent shutdown, the council initiated a dedicated response effort to restore its social media capabilities. This process involved significant internal effort from council staff who worked diligently to address the situation. Recognizing the specialized nature of the incident, the council also engaged in collaboration with external companies that possess expertise in the fields of cyber security and digital marketing. The primary objective of this collaborative effort was not only to address the immediate security concerns but also to establish a new, secure online presence for the council on the Facebook platform. This multi-faceted approach indicates the council treated the incident with the seriousness it warranted, seeking professional assistance to mitigate the damage and prevent a recurrence.

After a period of work throughout July, the council successfully launched a brand new Facebook page in August 2023. The new page was created to replace the compromised one and represents a fresh start for the council's online engagement. The council publicly stated that this new page provided an opportunity to generate a fresh and, importantly, a safe online presence. The emphasis on safety highlights the council's heightened awareness of cybersecurity following the attack and its commitment to ensuring a more secure environment for community interaction. The new official page can be found at a specific URL, which was publicly shared to ensure the community could easily locate and follow the authentic council presence.

The restoration of the Facebook page was crucial for the Goulburn Mulwaree Council as it serves as a vital tool for civic communication. The platform is used to share a wide array of important updates with the community, disseminate news, promote local events, and highlight the various assets and attractions within the region. The inability to use this platform during the outage represented a significant disruption to the council's public communication strategy. The chief executive officer of the council, Aaron Johansson, expressed pleasure at being able to return to these activities, underscoring the importance of this channel for community engagement and information distribution.

Throughout the process, from the initial attack and page shutdown to the launch of the new page, the council maintained communication with the public, acknowledging the incident and the steps being taken. The council issued a formal media statement to announce the launch of the new page and to explain the circumstances that necessitated its creation. In this communication, the council extended its thanks to the community for its patience during the disruption. The council also actively encouraged residents and followers to connect with the new official page to resume receiving updates and information, demonstrating an effort to rebuild its online community from the ground up.

The incident, while primarily affecting a social media account, underscores the broader vulnerabilities that local government bodies can face in the digital realm. The attack resulted in a tangible loss of service, disrupting the flow of information between the council and the public it serves. The council's response, involving both internal resources and external cybersecurity specialists, illustrates a recognized protocol for responding to such incidents, focusing on containment, mitigation, and recovery. The decision to completely replace the page rather than attempt a recovery indicates that the compromise was substantial, potentially involving unauthorized access that could not be reliably purged or secured.

The exact nature of the cyber attack, such as the specific tactics, techniques, and procedures used by the threat actor, is not detailed in the available public statements. Similarly, the scope of the compromise beyond the loss of control of the Facebook page itself is not elaborated upon. There is no public indication from the council that other systems, internal networks, or sensitive data were affected in the incident. The focus remains solely on the social media account, suggesting the attack was contained to that specific asset. The public messaging from the council focused on the restorative actions taken and the positive outcome of establishing a new, secure page, rather than on the technical details of the breach itself.

This event highlights the ongoing cybersecurity challenges faced by organizations of all types, including local councils. Social media platforms, while powerful tools for engagement, represent a potential attack surface that can be targeted by malicious actors. The consequence for Goulburn Mulwaree Council was a temporary but complete loss of a key public communication channel, requiring a coordinated and resource-intensive effort to restore functionality. The incident serves as a case study in the importance of securing all digital assets, even those that may be perceived as less critical than core internal systems, as their compromise can still significantly impact an organization's operations and its relationship with the community. The council's recovery and its public statements demonstrate a commitment to rebuilding trust and maintaining open lines of communication with the residents of Goulburn.