July 14th, 2024After-hours service provider in data security incident

The City of Ballarat was recently left to contact residents in recent days, after being notified of a cyber security incident involving its after-hours service provider, OracleCMS.

 OracleCMS is a third-party supplier which the council uses as its after-hours phone call service provider.  

When the community calls the City of Ballarat’s service line outside of business hours, the call is diverted to OracleCMS who take the call on the council’s behalf and then pass the message over to the council.    

The City of Ballarat’s own systems and databases have not been accessed. This data breach relates to the external OracleCMS system only.  

A total 52 impacted local residents were being notified about the breach. The affected data was limited to ‘low risk identity attributes’ that was collected between April 2015 and December 2017 and largely consisted of first names and last names of individuals along with their addresses and phone numbers.

City of Ballarat, Acting Chief Executive Officer, Matt Wilson said the protection of our local resident’s confidentiality and privacy is of critical importance.

“The City of Ballarat apologises unreservedly to everyone affected by this incident,” Mr Wilson said in recent days, following the breach.

“We are in the process of contacting every resident impacted and are offering no-cost access to the services of national identity and cyber support service IDCARE.”

The City of Ballarat takes the privacy of its customers very seriously and is committed to ensuring all contracted service providers have the strongest cyber security measures in place.

OracleCMS have since undertaken several steps to enhance their cyber security and help prevent recurrence, supported by cyber security experts.

They have also been working with government authorities to investigate the incident which had impacted a number of organisations and local councils across Australia.

Words & Image: Supplied.