Muswellbrook Shire Council has completed an investigation into a cyber incident which occurred late last year. The incident involved an unauthorised third-party accessing data on a portion of Council’s IT environment and disclosing it online.
We worked as a priority to determine exactly what this dataset contained as part of a detailed and comprehensive review.
From our investigations and review of the data, we can confirm that the majority of data related to internal Council operations and procedures, as well as some customer and staff information.
We are currently in the process of notifying affected individuals. If you do not receive a notification from Council, then there is nothing you need to do regarding this incident.
Council takes cybersecurity extremely seriously and have notified the Australian Cyber Security Centre (ACSC), the NSW Information and Privacy Commissioner (NSW IPC) and the Office of the Australian Information Commissioner (OAIC) about this incident.
We understand this news may cause concern and we want to thank our staff, residents and other stakeholders for their ongoing support as we work to resolve this as swiftly as possible.
Frequently asked questions are available below. However, if you have a specific incident enquiry, you can contact our dedicated response team at enquiry@muswellbrook.nsw.gov.au.
FAQs
TopMuswellbrook Shire Council experienced a cyber incident involving unauthorised access to our IT environment late last year.
As soon as this incident was detected, Council worked to swiftly restore impacted systems and began an investigation to determine what happened.
Following the cyber incident, Muswellbrook Shire Council detected that a third party disclosed a dataset online alongside claims this data was taken from our IT environment.
We took this incident extremely seriously and conducted a detailed and comprehensive investigation and review of the impacted data, with the support of external experts.
We are currently in the process of notifying affected individuals.
If you do not receive a notification from the council, then there is nothing that you need to do regarding this incident.
We have also notified the Australian Cyber Security Centre (ACSC), the NSW Information and Privacy Commissioner (NSW IPC) and the Office of the Australian Information Commissioner (OAIC) about this incident.
All Council systems have been reinstated.
From our investigations and review of the data, the impacted data primarily relates to internal Council operations and procedures, some customer information and some information relating to our staff.
There is no reason to restrict communications with Muswellbrook Shire Council.
We recommend that you remain vigilant against potential phishing emails and other scam communications, including from organisations purporting to be from Muswellbrook Shire Council.
We have been working with external cyber security experts to put additional security measures in place to prevent recurrence.
Muswellbrook Shire Council is committed to continuously reviewing, testing and improving our IT systems and networks.
