Cyber Incident Victim: Whitehorse City Council

Whitehorse City Council publicly disclosed a data security incident involving its third-party after-hours call service provider, OracleCMS, on April 1, 2024. The breach notification followed OracleCMS informing the Council that their systems had been compromised. OracleCMS manages diverted customer service calls for Whitehorse City Council outside standard business hours, acting as an intermediary to receive calls on the Council's behalf. At the time of the announcement, the Council confirmed it lacked specific details regarding the breach's scope, including the nature or volume of potentially exposed data. The disclosure noted multiple other local councils were similarly affected by the same OracleCMS breach, indicating a broader supply chain incident beyond Whitehorse's operations.

The Council initiated an urgent investigation to determine whether any resident or customer data entrusted to its services was impacted, emphasizing its commitment to customer privacy. OracleCMS coordinated with unspecified government authorities during its own investigation, though no collaborative actions between the Council and these agencies were detailed. Whitehorse City Council explicitly stated OracleCMS did not possess direct access to Council-held data systems, potentially limiting exposure risks to call-related information processed during after-hours operations. The Council committed to directly notifying affected customers if investigations confirmed data compromise, though no timeline for this determination was provided. Residents with immediate concerns were directed to contact the Council's Manager of Customer Service via a published phone number for assistance.