OracleCMS Attack Leads To Major Victorian Cities Data Breach

's official disclosure indicates the breach involved corporate data, contract details, invoices, and triage workflows.

by Alan Joseph April 22, 2024 in Cybersecurity News Reading Time: 3 mins read 0

591 SHARES 3.3k VIEWS Share on LinkedInShare on Twitter

Several Victorian councils confirmed that their data had been exposed to the public, after their third-party OracleCMS call center operator had been breached. The compromised data from the customer services vendor may extend beyond the .

OracleCMS, (not to be confused with Oracle corporation) is an Australia-based localized provider of customer care solutions and call center services.

According to the OracleCMS official disclosure, the breached information may include ‘corporate information, contract details, invoices, and triage process workflows'. Last week, the LockBit #ransomware group mentioned OracleCMS as a victim on its official leak site.

Authorities Issue Data Breach Notices on Official Sites After Victorian Cities Data Breach

Source: Shutterstock

Local governments entities are among those affected by the OracleCMS breach, with many of them conducting investigations into the incident over the weekend. Some affected entities instructed the OracleCMS provider to not to collect any further information information during the interim and requested direct transfer of urgent calls, including after-hour calls to their staff until further notice.

The affected cities that are known to have issued official data breach notices include: , , , and the

Earlier, LockBit had published some sample data such as bills associated with OracleCMS, giving the group until April 16th to negotiate with the group, with no ransom amount being publicly mentioned.

The group had then published more than 60 gigabytes of leaked data contained within a single compressed archive. A “Clients” directory from the leaked data included more than 50 different folders of organizations ranging from local city councils to senior citizen care services.

The Australian publication Cyber Daily stated that more than a dozen local councils were on the list, including the Campbelltown Council, Tweed Shire Council, Dandenong City Council, among various other government entities.

Other clients included within the leak include several different law firms, a real estate agent giant, and the Queensland branch of the Philadelphia Church of God.

OracleCMS Issues Several Safety Recommendations After Victorian Cities Data Breach

Source: Shutterstock

OracleCMS confirmed a cyber security incident had occurred where an unauthorised party gained access to a portion of its data and published the leaked data online. After discovering the incident, OracleCMS approached cyber security experts to aid in securing its systems and in conducting an official investigation.

The site states that basic contact information could be extracted from contracts and invoices appearing in the breach, but  advised that the data presented ‘a low risk of misuse.

The organization stated that it had contacted clients which it had identified as being impacted, and would work with them to issue further notification and support to affected parties and individuals.

OracleCMS apologized for the incident and affirmed its commitment to keeping stakeholders updated during the on-going incident response and investigation. The site issued several recommendations to affected parties to stay safe from the fallout of the data breach.


Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button