cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Victorian councils’ call service affected by OracleCMS breach

Several Victorian councils have revealed that their after-hours call services are down following the OracleCMS breach that occurred earlier this month.

user icon Daniel Croft
Mon, 22 Apr 2024
Victorian councils’ call service affected by OracleCMS breach
expand image

At least four Victorian councils so far have confirmed that data has been stolen as a result of the breach, after notorious ransomware gang LockBit 3.0 breached the third-party provider.

Melbourne’s Knox City Council issued a statement, saying that while its own systems had not been compromised, files belonging to some of those who had utilised the after-hours call service had potentially been published online as part of the stolen data listed on the LockBit leak site.

“Customer contact details may have been accessed,” said Knox City Council.


“This is limited to the names, phone numbers and some property addresses of customers who have called [the] council outside of business hours.

“If it is confirmed that customer data has been accessed, customers will be contacted directly and provided with advice and guidance to reduce the risk of their information being misused.

“As a precaution, we have instructed OracleCMS not to collect any customer information and transfer any urgent requests directly to our on-call staff until further notice.”

Additionally, Manningham Council also issued a statement, adding that for the time being, it would manage after-hours calls by itself. Other than that, the statement’s wording is near identical.

Other affected councils include City of Monash and Whitehorse City Council, which also said that data had been potentially exposed.

OracleCMS, which is a call centre management service was reportedly attacked on 4 April. Not long after, the LockBit ransomware gang listed the organisation on its dark web leak site alongside a number of sample documents as proof of the hack.

The organisation provides services to a number of institutions and companies, including several law firms, a popular real estate agent, and the Queensland branch of the Philadelphia Church of God.

The City of Sydney was also affected in the breach, with leaked data including the location and metre IDs of every parking metre in the city.

City of Sydney, which also uses OracleCMS for after-hours calls, said it was aware of the incident.

“OracleCMS is contracted to provide after-hours and overflow contact centre support for the City of Sydney,” a City of Sydney spokesperson told Cyber Daily.

“We are working with OracleCMS to investigate an incident that impacted them and, if necessary, enhance the protection of our information held by them.

“At this stage, we understand that no City of Sydney systems were breached in this incident.”

Whilst OracleCMS declined to comment on the incident following requests by Cyber Daily, it has since released a statement saying it was aware of the breach and that files were published online.

“Upon discovery, OracleCMS engaged external cyber security experts to help us secure our systems and investigate the incident,” the statement read.

“Available evidence suggests that the impacted data is limited to corporate information, contract details, invoices, and triage process workflows.

“Any personal information, if present, is anticipated to be basic contact information as appears in contracts and invoices. We are advised that this data presents a low risk of misuse.”

OracleCMS added that it had been contacting potentially affected clients and that it would work with them if needle to mitigate data misuse and guide them through the aftermath of the incident.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.