5 hours ago
1
A western Sydney council is communicating with anonymous hackers by sending Dropbox links into a chatroom, after it suffered a major data breach.
In October last year, Fairfield Council’s servers – which contained personal, financial and property information about councillors, ratepayers, residents and staff – were illegally accessed by hackers, who are assumed to be located outside Australia.
The council “discovered a ransom note which claimed that the plaintiff’s network/system had been encrypted, that the unnamed persons had downloaded compromising and sensitive data” with a threat to publish the data if the council didn’t communicate or come to an agreement with the group “only through a specified chatroom”, according to a court judgment first reported by technology newsletter The Sizzle.
The hackers demanded payment – but their identity and location are still a mystery.
In November, the council commenced urgent legal proceedings against the “persons unknown”. It was granted permission by the court to provide legal papers to the hackers by sending a Dropbox link into the chatroom.
“As soon as this incident was detected, a response team was quickly mobilised, and work began to ensure the security and integrity of our systems,” the council said in an alert on its website.
“We would also like to assure our community that, at this time, we have not detected any misuse or disclosure of any data, and we have put sophisticated monitoring in place to keep us informed of any activity.”
A spokesperson for the council declined to answer specific questions about whether the incident reflected on the council’s cybersecurity infrastructure failings or if the organisation had the ability and funds to protect against sophisticated online security issues.
The incident reflects the growing cost and struggle local councils have in protecting residents against online threats.
A report by the NSW Auditor-General into local government last year identified cybersecurity as a major weakness across the state.
“Councils have critical weaknesses in managing supply chain risks,” the report read. “Policies and processes for assessing the cybersecurity exposure of technology assets are inadequate, and monitoring of cybersecurity investments and their associated benefits is limited.”
Blacktown Council chief executive Kerry Robinson earlier this year told an industry conference that councils were struggling to afford the great increase in online security costs with a rate that has been effectively capped since 1978.
“Our building in 1978 had no computers in it. We spent $3 million on cybersecurity last year,” he said. “So effectively, we took $3 million out of service delivery because the state caps our rates, and we can’t have a sensible conversation with our community, including the development and business community of Blacktown, about the services which should be delivered.”
Be the first to know when major news happens. Sign up for breaking news alerts on email or turn on notifications in the app.
