Third party cyber security incident

    Published 26 April 2024
    City of Port Phillip has been made aware of a cyber security incident involving OracleCMS

    Update 8 May 2024

    Our work with OracleCMS and the Department of Premier and Cabinet has found that some City of Port Phillip customer Personal Identifiable Information has been compromised in the OracleCMS cyber security incident.

    There are approximately 1300 contacts affected by the breach. The contacts are of customers that called City of Port Phillip after hours in 2016 and 2017. The data includes customer name, address, phone number and email.

    We are in the process of reviewing this data and contacting affected customers directly to advise them of the breach and provide tailored advice and support.

    If you are concerned about your data, or require any further assistance, please contact our team on Help.Dataincident@portphillip.vic.gov.au.

    Stay Cyber Safe

    We will never contact you to ask for usernames or passwords. If a third party may have accessed your contact information, it is important to:

    • be aware of telephone and text-based scams
    • do not share your personal information with anyone unless you are confident about who you are sharing it with
    • if you are asked to login, check the web address located in the address bar and if you are suspicious contact the entity through the usual channels to ensure you are logging into a legitimate website
    • enable multi-factor authentication for your online accounts where possible, including your email, banking, and social media
    • ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts
      check the strength of your passwords.

    For more information follow the guidance from the Victorian Government on how to recover from a data breach.

    Update 26 April 2024

    We are still working closely with OracleCMS and relevant agencies to investigate the data breach and understand what, if any, information has been impacted.

    Our systems were not compromised by the attack on Oracle CMS. OracleCMS provided confirmation to City of Port Phillip that no customer Personal Identifiable Information has been compromised.

    As the investigation continues, if we identify that the information of residents has been impacted, we will make direct contact to affected individuals immediately and provide tailored advice and support.

    We know data breaches can be distressing. We recommend that you stay updated on developments of the investigation on this website.

    The Australian Cyber Security Centre has a list of resources providing guidance on steps you can take to keep yourself cyber safe Protect yourself - Cyber.gov.au.

    Original statement 22 April 2024

    City of Port Phillip has been made aware of a cyber security incident involving OracleCMS, the contractor who manage customer calls to Council out of hours.

    Unfortunately, an unauthorised third party has gained access to a portion of OracleCMS data and published files online. Oracle CMS is working with government authorities and a cyber security expert to secure their systems and investigate the incident.

    City of Port Phillip systems have not been compromised and OracleCMS have confirmed that no City of Port Phillip customer details have been accessed.

    We take the privacy of our customers very seriously and are working closely with Oracle CMS to investigate what has occurred.

    If our customers are impacted, we will take every step possible to ensure that customers are notified.