
Noosa Council reveals social engineering attack that cost council millions

CEO Larry Sengstock says the council fell victim to a “major fraud incident” during the Christmas 2024 period.


The CEO of Noosa Council has revealed the details of a social engineering incident that cost the council millions of dollars last year.

According to council chief Larry Sengstock, “international criminal gangs” made off with $2.3 million after targeting the council with “social engineering AI techniques”. The council later recovered some funds, but the total loss still stands at $1.9 million.

“During the 2024 Christmas period, Noosa Council was the victim of a major fraud incident, perpetrated by international criminal gangs currently under investigation by Australian Federal Police and Interpol,” Sengstock said in a 13 October update posted to the Noosa Council website.

 
 

“I want to emphasise that this fraud was not related to cyber security. Council systems were not breached or affected, no data was stolen, and there was no impact to the public or our services. This has been confirmed by external forensic IT experts engaged by council to ensure ratepayers were protected.

“Once being alerted to this fraud, we established our incident crisis response team and immediately reviewed our operating procedures to ensure that processes were improved, and any risk of future fraud was minimised.”

Police initially told the council not to disclose any information regarding the incident while the investigation was underway, though the “Queensland Audit Office and relevant ministers” were informed.

“The criminals used social engineering AI techniques, and we will not go into specifics to avoid revealing the tactics of the criminals, and because of our legal obligation to protect council staff. However, we can reveal that the fraudulent activity was sophisticated, strategic, and targeted. We can also confirm that no council staff were at fault or involved in the criminal activities,” Sengstock said.

“Despite having processes and procedures to mitigate this type of event, unfortunately, in this instance, they were not effective enough, as this crime was committed by highly organised, professional criminals who found a way through our processes.”

Sengstock said the incident was a reminder to other local government entities “to be on their guard”.

“While we are very disappointed this has happened and are doing all in our power to ensure we minimise the risk as much as possible, so this doesn’t happen again, we are thankful that in this instance, no one in our community was directly affected and there was no impact on council’s operational functions or projects,” Sengstock said.

No threat actor was named as part of the disclosure, and given the nature of the crime, it is unlikely any group will claim responsibility for it. Local councils have been targeted by hackers several times in the last few years. The most recent council to fall victim to a cyber attack was Muswellbrook Shire Council, which confirmed it was responding to an attack by the SafePay ransomware group that occurred in December 2024.

David Hollingworth


David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
