Data security breach involving after-hours service provider

Baw Baw Shire Council is contacting residents after being notified of a cyber security incident involving an after-hours service provider, OracleCMS.

OracleCMS is a third-party supplier which Council uses as its after-hours phone call service provider.

When the community calls Baw Baw Shire Council’s customer service line outside of business hours, the call is diverted to OracleCMS who take the call on Council’s behalf and pass the message over to us.

Baw Baw Shire Council’s own systems and databases have not been accessed. This data breach relates to OracleCMS system only.

There are approximately 1,250 local contacts affected by the breach.

The data breach is from calls that were made to Council from June 2014 to January 2016.

The data is restricted to what was provided during the call – this may include customer contact information and call notes.

Baw Baw Shire Council has commenced contacting all local residents affected by the data breach.

Council has sent out information via SMS text messages and will personally call any elderly or vulnerable residents.

OracleCMS has been working with government authorities to investigate the incident which involves other organisations and local Councils.

Baw Baw Shire Council takes the privacy of our customers very seriously.

/Public Release. View in full here.