Cyber Incident Victim: City of Port Phillip
Date:
Apr 2024
Location:
Australia
Summary
A third-party cyber incident impacted the City of Port Phillip through its contractor OracleCMS, which managed after-hours customer calls. Unauthorized access to OracleCMS data led to the exposure of personal information from approximately 1,300 customers who contacted the council during specific historical periods, including names, phone numbers, email addresses, and residential addresses for some, while others had only names and numbers compromised. The council confirmed its internal systems remained secure, and OracleCMS implemented containment and remediation measures while eliminating ongoing malicious activity. Approximately 200 affected customers with verified details were directly notified, while outreach to others was hindered by outdated records. The council revised data retention practices and restricted information collection with the contractor to prevent recurrence.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The City of Port Phillip disclosed a third-party cyber incident on April 22, 2024, involving OracleCMS, its after-hours customer call contractor. An unauthorized party accessed a portion of OracleCMS data and published files online, prompting OracleCMS to engage government authorities and cybersecurity experts to secure systems and investigate. Initial statements confirmed City of Port Phillip systems remained uncompromised, with OracleCMS asserting no customer details were accessed. By April 26, the council continued collaborating with OracleCMS and agencies to assess potential data impacts, maintaining no resident personal identifiable information (PII) was compromised at that stage. Updates on May 8 revealed compromised PII for approximately 1,300 customers who contacted after-hours services in 2016 and 2017, including names, addresses, phone numbers, and emails provided during calls. The council initiated data reviews and direct notifications to affected individuals, offering support via a dedicated email address.
Further investigation by June 20 identified approximately 200 customers with accessed personal addresses, names, phone numbers, and emails who were notified by mail, while ~1,000 additional individuals had only names and phone numbers exposed but couldn't be contacted due to outdated records. OracleCMS implemented containment, remediation, and security uplift measures, with the council confirming no evidence of ongoing malicious activity in OracleCMS systems. Process changes included restricting stored customer data on OracleCMS networks and minimizing information collected during after-hours calls. The July 19 update concluded OracleCMS's investigation, confirming no further malicious activity and completed remediation. City of Port Phillip reinforced data retention policies and third-party oversight while maintaining support channels for concerned residents through a dedicated hotline and email until the investigation's closure.