Cyber Incident Victim: Yarra City Council

Yarra City Council became aware of a cybersecurity incident involving OracleCMS, a third-party provider responsible for managing after-hours customer calls on the council’s behalf. The breach occurred when an unauthorized third party accessed a portion of OracleCMS’s systems and subsequently published stolen files online. OracleCMS routinely collected personal information from callers during after-hours operations, including names, phone numbers, email addresses, and physical addresses, depending on the nature of the inquiry. Yarra City Council confirmed there was no evidence at the time of disclosure that its specific customer data or systems had been compromised, but it initiated precautionary measures given the potential exposure of sensitive information. The council immediately suspended all services provided by OracleCMS while investigations proceeded, though it maintained its own after-hours customer service operations during this period.

Yarra City Council engaged external cybersecurity experts to conduct a thorough forensic analysis to determine whether any personal data related to its residents had been exfiltrated or misused. The council coordinated with the Municipal Association of Victoria (MAV) as part of a broader response, noting that multiple other local government entities were similarly impacted by the OracleCMS breach. Regular updates were pledged to the community as the investigation advanced, emphasizing transparency while avoiding premature conclusions about the scope or severity of the incident. The suspension of OracleCMS services remained in effect pending the outcome of security reviews and remediation efforts. No operational disruptions to core council functions were reported beyond the temporary halt of outsourced call management.