Cyber security incident

Published on 23 May 2024

Data on a screen

Kingston Council has been made aware of a cyber security incident involving OracleCMS, which manages customer calls to Council outside of our regular opening hours.

When people call Kingston Council outside of regular business hours, OracleCMS takes the call on our behalf. Depending on the nature of the call, they may collect personal information, including the caller’s name, phone number, email, and address.

Oracle CMS provides this service to many Councils, State Government departments and private sector companies right across Australia. Oracle CMS has advised its customers that an unauthorised third party has gained access to a portion of OracleCMS’s data and published files online.

Oracle CMS is working with government authorities and cyber security experts to secure their systems and investigate the incident.

Kingston Council is also working to determine how, and how many, of our customers may have been impacted.  At this stage we understand Kingston’s impacted customer information is considered ‘low risk’ with no financial data provided and very few instances of accompanying email address data. Direct notifications will be provided to these customers by Kingston Council. The vast majority of records examined so far reveal limited personally identifiable information.

We will continue working closely with the Municipal Association of Victoria and the Victorian Government as a large number of other councils and government agencies are also impacted.

We take the security of our customers information very seriously and apologise for the concern this may cause to our customers.

If you require any support, please contact IDCARE – Australia’s national identity and cyber support community service organisation, which has been appointed to assist customers impacted by the OracleCMS breach. Find out more at

Council is still providing the essential after-hours service while this matter is investigated. As a precaution, we have instructed OracleCMS not to store any customer information on their systems. 

Instead, any information collected from customers in order to action their query, will only be directly entered into a secure online form with all data stored directly on City of Kingston systems.

Stay Cyber Safe

We will never contact you to ask for usernames or passwords. If a third party may have accessed your contact information, it is important to:

  • Be aware of telephone and text-based scams.  If contacted by someone reporting to be a Kingston Council representative and you have doubts, offer to call them back via our Customer Service line on 1300 653 356.
  • Do not share your personal information with anyone unless you are confident about who you are sharing it with.
  • If you are asked to login, check the web address located in the address bar and if you are suspicious contact the entity through the usual channels to ensure you are logging into a legitimate website.
  • Enable multi-factor authentication for your online accounts where possible, including your email, banking, and social media.
  • Ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts.
  • Check the strength of your passwords.

For more information follow the guidance from the Victorian Government on how to Recover from a data breach | (


Tagged as: