This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Woollahra Council Libraries

Summary

Woollahra Council's library system in Sydney's eastern suburbs was hit by a cyberattack on 15 December 2023 that potentially exposed residents' personal data including passwords, contact information, and partial credit card details. The affected software managed library functions such as room bookings, fines, and computer access at libraries in Paddington, Double Bay, and Watsons Bay. The council engaged cybersecurity experts and government agencies to respond to the incident.

What Happened

On 15 December 2023, a cyberattack targeted the software system responsible for managing Woollahra Council's library operations. The compromised system handled various library functions including room bookings, issuing fines, facilitating computer access, and managing printing services across the council's three library branches.

The attack exposed vulnerabilities in the library management software that held personal information of library users from the affluent eastern suburbs communities of Paddington, Double Bay, and Watsons Bay.

Impact on Individuals

The breach potentially exposed users' passwords, contact information (including names, addresses, phone numbers, and email addresses), and partial credit card details. The exposure of passwords raised particular concerns as many individuals reuse passwords across multiple services, potentially amplifying the impact beyond the immediate breach.

Library users who had registered accounts for borrowing materials, booking facilities, or paying fines were potentially affected. The council advised users to remain vigilant against scams as a precautionary measure.

Organisational Response

Woollahra Council consulted with the Australian Cyber Security Centre and Cyber Security NSW to manage the incident. The council engaged a cybersecurity expert to investigate the breach and secure the systems.

The software provider promptly implemented a fix to secure the system. The council notified affected library users of the potential data exposure and recommended vigilance against potential scams or phishing attempts. The council also offered support through ID Support NSW to assist any victims of identity theft resulting from the breach.

Verification Source: View original statement