The City of Sydney has been caught up in a significant data breach following a cyberattack on call centre operator OracleCMS by the notorious ransomware group Lockbit. OracleCMS, which provides customer management solutions across several Australian cities, was attacked earlier this month. The hackers posted about the breach on April 12, releasing sample documents and later dumping 60GB of data on the dark web after their April 16 deadline passed without a ransom being paid. The stolen data includes personal details of thousands of Australians and sensitive information from several local organizations, such as law firms, a real estate agency, and the Queensland branch of the Philadelphia Church of God.
City of Sydney officials have confirmed the incident, noting that OracleCMS is contracted to provide after-hours and overflow contact centre support for the city. While it appears no City of Sydney systems were directly breached, the data leak includes on-call mobile numbers of various OracleCMS clients and an Excel sheet with the location and meter ID of all parking meters in Sydney. Also compromised were the names and addresses of 2,000 subscribers to the Philadelphia Church of God’s Key of David program. An aged care center was also affected, with breached data including phone call details discussing illnesses and domestic violence incidents, though these calls are not personally identifiable.
Lockbit, responsible for nearly 20% of all reported Australian ransomware attacks from April 2022 to March 2023, is known for targeting hospitals, schools, businesses, and government entities. Despite international efforts to shut down its operations, including a police operation in February and the sentencing of a Lockbit member in Canada, the group continues to resurface and carry out attacks. The breach of OracleCMS and the subsequent data exposure highlight the ongoing threat posed by ransomware groups and the critical need for robust cybersecurity measures.
