Council services

Third party cyber security incident

Published 26 April 2024

Updates on the cyber security incident involving OracleCMS that impacted City of Port Phillip customers.

Update 20 June 2024

We are notifying, by mail, approximately 200 customers whose personal information was accessed in the OracleCMS data breach. The breach impacted customers who contacted our after-hours service in 2016 and 2017. Affected customers had some or all of the following information accessed, depending on what was provided during the call at the time:

Full name
Phone number
Email address
Personal address

As the data is 7 to 8 years old, we are aware that the details may no longer be current.

There are approximately 1,000 additional customers whose name and phone number were accessed as part of this breach. As we are unable to verify that this is current, accurate information in our database, we are unable to contact these customers. If you are concerned about your details having been accessed, or think you could be impacted by the breach, please contact us.

Email us at Help.DataIncident@portphillip.vic.gov.au or call our dedicated cyber security hotline on 03 9209 6789 from 9 am to 5 pm AEST Monday to Friday.

We are working closely with OracleCMS to understand how the incident occured so we can ensure it does not happen again. We have taken these steps:

Received confirmation from OracleCMS’ that there is no evidence of ongoing malicious activity within OracleCMS’ IT environment.
Ensured that customer data is not stored on OracleCMS network files.
Updated processes with OracleCMS to ensure only essential information is captured during after-hours calls.

This incident highlights the importance of maintaining tight controls with our external suppliers. We are also strengthening several internal processes related to data retention and cyber security responses.

Update 8 May 2024

OracleCMS and the Department of Premier and Cabinet have found that Personal Identifiable Information of customers who called City of Port Phillip after hours and spoke with OracleCMS, has been compromised in the cyber security incident.

There are approximately 1,300 contacts affected by the breach. The contacts are of some customers that called City of Port Phillip after hours in 2016 and 2017. The data is restricted to what was provided during the call. This may include customer name, address, phone number and email.

We are in the process of reviewing this data and contacting affected customers directly to advise them of the breach and provide tailored advice and support.

If you are concerned about your data, or require any further assistance, please contact our team on Help.Dataincident@portphillip.vic.gov.au.

Stay Cyber Safe

We will never contact you to ask for usernames or passwords. If a third party may have accessed your contact information, it is important to:

be aware of telephone and text-based scams
do not share your personal information with anyone unless you are confident about who you are sharing it with
if you are asked to login, check the web address located in the address bar and if you are suspicious contact the entity through the usual channels to ensure you are logging into a legitimate website
enable multi-factor authentication for your online accounts where possible, including your email, banking, and social media
ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts
check the strength of your passwords.

For more information follow the guidance from the Victorian Government on how to recover from a data breach.

Update 26 April 2024

We are still working closely with OracleCMS and relevant agencies to investigate the data breach and understand what, if any, information has been impacted.

Our systems were not compromised by the attack on Oracle CMS. OracleCMS provided confirmation to City of Port Phillip that no customer Personal Identifiable Information has been compromised.

As the investigation continues, if we identify that the information of residents has been impacted, we will make direct contact to affected individuals immediately and provide tailored advice and support.

We know data breaches can be distressing. We recommend that you stay updated on developments of the investigation on this website.

The Australian Cyber Security Centre has a list of resources providing guidance on steps you can take to keep yourself cyber safe Protect yourself - Cyber.gov.au.

Original statement 22 April 2024

City of Port Phillip has been made aware of a cyber security incident involving OracleCMS, the contractor who manage customer calls to Council out of hours.

Unfortunately, an unauthorised third party has gained access to a portion of OracleCMS data and published files online. Oracle CMS is working with government authorities and a cyber security expert to secure their systems and investigate the incident.

City of Port Phillip systems have not been compromised and OracleCMS have confirmed that no City of Port Phillip customer details have been accessed.

We take the privacy of our customers very seriously and are working closely with Oracle CMS to investigate what has occurred.

If our customers are impacted, we will take every step possible to ensure that customers are notified.