Kingston Council has been made aware of a cyber security incident involving OracleCMS, which manages customer calls to Council outside of our regular opening hours.
When people call Kingston Council outside of regular business hours, OracleCMS takes the call on our behalf. Depending on the nature of the call, they may collect personal information, including the caller's name, phone number, email, and address.
Oracle CMS provides this service to many Councils, State Government departments and private sector companies right across Australia. Oracle CMS has advised its customers that an unauthorised third party has gained access to a portion of OracleCMS's data and published files online.
Oracle CMS is working with government authorities and cyber security experts to secure their systems and investigate the incident.
Kingston Council is also working to determine how, and how many, of our customers may have been impacted. At this stage we understand Kingston's impacted customer information is considered 'low risk' with no financial data provided and very few instances of accompanying email address data. Direct notifications will be provided to these customers by Kingston Council. The vast majority of records examined so far reveal limited personally identifiable information.
We will continue working closely with the Municipal Association of Victoria and the Victorian Government as a large number of other councils and government agencies are also impacted.
We take the security of our customers information very seriously and apologise for the concern this may cause to our customers.