Cyber Security Incident Update

An investigation into a cyber security incident involving OracleCMS, who manage out-of-hours customer calls to the Shire, has now concluded.

The incident involved unauthorised access to OracleCMS systems, and the theft of data which was then published online.

The review of the data has confirmed that it is mostly historical data dating from 2015 to 2020 (with the majority of the data from 2015), which contained personal information such as the name and phone number of the person contacting our out-of-hours service to report an issue. In some instances, a street address, often relating to where an out-of-hours issue was identified, was also involved.

No financial information or passwords were contained in the information collected.

A statement by OracleCMS is available: OracleCMS Cyber Incident

Next steps

The Shire has engaged the services of IDCARE, Australia’s national identity and cyber support community service. They have expert case managers who can work to address concerns in relation to personal information risks and any instances where information may have been misused.

IDCARE’s services are at no cost.

If you wish to seek advice from IDCARE in relation to this incident, please complete an online Get Help form at and they will make contact with you.

Note IDCARE specialist Case Managers are available from 9am-5pm AEST Monday to Friday, excluding public holidays.

When engaging IDCARE use the referral code CMSVGMPSC24.

Stay cyber safe

We will never contact community members to ask for usernames or passwords. If someone says they are from the Shire and trying to do so, it is a scam. If a third party may have accessed contact information, it is important to:

  • be aware of telephone and text-based scams
  • not share your personal information with anyone unless you are confident about who you are sharing it with
  • use strong passwords

/Public Release. View in full here.