Vic councils’ after-hours call answering service breached – Security


Several Victorian councils are working to establish their exposure after an after-hours call centre operator was breached.



The provider, OracleCMS, acknowledged the incident and said that “a portion” of its data was accessed and leaked online.

“Available evidence suggests that the impacted data is limited to corporate information, contract details, invoices, and triage process workflows,” OracleCMS said.

“Any personal information, if present, is anticipated to be basic contact information as appears in contracts and invoices. 

“We are advised that this data presents a low risk of misuse.”

Local governments are among the customers of OracleCMS, and many said over the weekend that they were investigating their exposure.

Knox City Council, in Melbourne’s eastern suburbs, said that “names, phone numbers and some property addresses for customers who have called Council outside of business hours” may have been accessed.

“If it is confirmed that customer data has been accessed, customers will be contacted directly and provided with advice and guidance to reduce the risk of their information being misused,” Knox said.

“As a precaution, we have instructed OracleCMS not to collect any customer information and transfer any urgent requests directly to our on-call staff until further notice.”

Manningham Council, also in Melbourne, issued a similarly worded statement and said it would take after-hours calls itself in the interim.

City of Monash and Whitehorse City Council also indicated potential exposure. 

OracleCMS was listed as a victim of the LockBit ransomware group earlier this month, according to posts on X.





Source link