Cyber Incident Victim: Woollahra Council Libraries
Date: Dec 2023
Location: Australia
Summary
A cyberattack targeting a third-party software system used by Woollahra Council's libraries compromised personal information of library users, including names, addresses, email addresses, phone numbers, partial credit card details, and encrypted passwords for booking systems. The breach affected individuals who utilized library computers, room bookings, printing, scanning, or fine payment services. The council engaged the Australian Cyber Security Centre, Cyber Security NSW, and a forensic firm to investigate, while the software provider implemented a fix for the exploited vulnerability. Impacted users were notified, though the total number remains undetermined.
Description
On December 15, 2023, Woollahra Council in Sydney's eastern suburbs discovered a cyberattack targeting library systems serving affluent areas including Double Bay, Watsons Bay, and Paddington. The breach occurred through a third-party software platform handling library operations such as public computer access, room reservations, printing/scanning services, and fine payments. Attackers potentially accessed personal data of library card holders who used these services, including names, residential addresses, email contacts, phone numbers, and partial credit card payment details. Encrypted passwords for the booking system were also stored within the compromised environment, though the council did not confirm whether decryption occurred. Council representatives stated they could not determine the exact number of affected individuals but confirmed the incident exclusively impacted users who had interacted with the specified library services.

Woollahra Council initiated incident response protocols upon detection, engaging the Australian Cyber Security Centre, Cyber Security NSW, and a specialized cyber forensic firm to investigate the breach. The third-party software provider developed and deployed a patch to address the exploited vulnerability in their system. Beginning December 15, the council directly notified potentially impacted library patrons about the data exposure and provided instructions through individual communications. Affected individuals were directed to contact ID Support NSW at a dedicated helpline (1800 001 040) for further assistance. The investigation confirmed no compromise of broader council infrastructure beyond the specified library management systems.
