A western Sydney council has sought an injunction restricting the publication or dissemination of data obtained when hackers breached the council’s network during an October 2025 cyber incident.
Fairfield City Council initially disclosed the incident on 16 October, when it said it was “investigating unauthorised access to a portion of our internal IT systems by an external third party”.
In a later update, however, the council went into further detail on the incident.
“Fairfield City Council experienced a cyber incident in October 2025 involving unauthorised access by an unknown third party to a portion of our IT environment,” the council said in a 6 February 2026 update.
“As soon as this incident was detected, a response team was quickly mobilised, and work began to ensure the security and integrity of our systems. We would like to assure you that the incident was swiftly contained, and our systems are secure.”
At the time, the council said it had engaged external experts and had informed government agencies, including the Information and Privacy Commission NSW (IPC), Office of the Australian Information Commissioner (OAIC), the Australian Cyber Security Centre (ACSC), and Cyber Security NSW.
Unfortunately, during its investigations, Fairfield City Council established that the unknown threat actor had accessed the following personal data:
- Contact information
- Bank account information (account name, account number, and/or BSB number)
- Health information
- Employment information
- Legal information
- Non-DVS identity cards or information
No threat actor has yet taken responsibility for the attack, and according to court documents, the incident was a ransomware attack that involved the encryption and exfiltration of the indicated data.
What happened?
The data impacted by the attack was stored on systems at several council sites and hosted on a “third-party data centre” in NSW.
“On or about 8 October 2025, unnamed persons claiming to be part of a named group gained unauthorised access to the servers and encrypted them with ransomware,” according to NSW Supreme Court documents published on 12 March.
“In the course of investigating this activity, the plaintiff discovered a ransom note which claimed that the plaintiff’s network/system had been encrypted, that the unnamed persons had downloaded compromising and sensitive data from the network/system … and that the data would be published if the plaintiff refused to communicate or failed to come to an agreement with the unnamed persons. The ransom note included instructions for the plaintiff to communicate with the unnamed persons only through a specified chat room.”
The hacker claimed in the chat room that, in return for a ransom payment, a decryptor would be supplied, and no further attacks would be made against the council. However, the council refused to pay.
Orders have since been served to the threat actor, via the chat room, restraining them from “placing any information or material from the impacted dataset (including the exfiltrated dataset) at any location on the internet” or “transmitting, publishing, or disclosing any information or material from the impacted dataset (including the exfiltrated dataset) to any person”.
The threat actor was also directed to remove all data from “all accessible internet locations (including ‘dark web’ locations)”.
As of Fairfield City Council’s February update and the court documents published in March, the impacted data has not yet been published on either the clear or dark web.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.