Cyber Incident Victim: Manningham City Council

Manningham Council became aware of a cybersecurity incident involving OracleCMS, its third-party provider for after-hours customer call services, as disclosed on April 1, 2024. The breach occurred when an unauthorized third party accessed a portion of OracleCMS’s data and subsequently published files online. OracleCMS manages calls to Manningham Council outside business hours and, depending on call requirements, collects personal information including names, phone numbers, email addresses, and residential addresses. The compromised data was limited to information obtained through these after-hours interactions, specifically names, phone numbers, and some property addresses of customers who contacted the council during non-business hours. Manningham Council confirmed OracleCMS does not have access to its internal databases, isolating the breach to data held exclusively by OracleCMS and preventing unauthorized access to the council’s primary systems or stored customer records.

OracleCMS initiated response measures in collaboration with government authorities and cybersecurity experts to secure its systems and investigate the incident’s scope. Manningham Council directed OracleCMS to cease collecting customer information immediately and to route urgent after-hours requests directly to council staff until further notice. The council committed to notifying affected customers once OracleCMS completes its identification of impacted individuals, with direct communication planned to provide guidance on mitigating misuse risks. No timeline was specified for this notification process. Manningham Council publicly acknowledged potential risks to customer data privacy, apologized for related concerns, and pledged updates as new information emerged. The incident disrupted standard after-hours call-handling procedures, requiring temporary operational adjustments to minimize additional exposure while forensic investigations continued.