Yarra City Council

Summary

Yarra City Council was among multiple Victorian councils affected by a data breach at their after-hours service provider OracleCMS. The attack, conducted by LockBit ransomware group in April 2024, resulted in 60GB of data being published online after a ransom deadline was not met on April 16, 2024.

Attack Vector

On April 12, 2024, OracleCMS became aware that data had been stolen from its network through a LockBit ransomware attack. The breach affected multiple Victorian councils using OracleCMS's after-hours call center services, with the stolen data published online when ransom demands were not met.

Consumer Impact

While Yarra City Council stated there is no evidence suggesting that data related to their council or customers was compromised, the breach affected multiple Victorian councils who used OracleCMS services. The 60GB data leak potentially exposed resident contact information and council service request details from affected municipalities.

Response

Yarra City Council publicly disclosed the incident and confirmed engagement with authorities. Multiple affected councils issued official data breach notices, including Knox City, City of Port Phillip, Manningham Council, Whitehorse City Council, and City of Monash, with some councils reporting impacts extending into June 2024.