In short:
More than 40,000 documents were taken from Wattle Range Council on SA’s Limestone Coast.
An expert says councils are under-resourced and need more support when it comes to cybersecurity.
What’s next?
Investigations into the incident are still ongoing, but no confidential documents are believed to have been taken.
A cybersecurity specialist says ratepayer information is a target for criminals, after thousands of documents were taken from a council on South Australia’s Limestone Coast.
Wattle Range Mayor Des Noll said council understood a “small amount” of data, about 43,000 files, had been taken from an old server.
“It was things like rate notices and very minor data — data that’s publicly accessible,” he said.
“At this point we haven’t detected anything that was confidential.”
Last Friday the council became aware that it had been named in a post on the dark web, alongside a sample of the stolen data.
Mr Noll said the perpetrators had demanded a ransom payment from the council.
“Legislatively, we’re not allowed to pay demands, and we’d never anticipate paying demands,” he said.
Council staff noticed the breach, but Mr Noll said they had not determined how the information was taken.
“That’s being worked through with the relevant state and federal government authorities,” Mr Noll said.
The council has been working to migrate its computing systems to a more “modern” and “secure” platform to make its data safer.
Councils an easy target
Cybersecurity incidents have been reported at councils across Australia, including in Adelaide, in recent years.
Cybersecurity practice professor at Edith Cowan University, Paul Haskell-Dowland, said local government was an attractive target for cyber criminals.
“They have high-value information that can be resold, but they’re also offering critical services,” he said.
“Plus, we shouldn’t underestimate the opportunity to pivot from local government systems into state government, or indeed federal [government systems].”
Professor Haskell-Dowland said councils, particularly small regional councils, were often under resourced when it came to IT.
“It is likely that we see unreported incidents that we don’t know about,” he said.
Professor Haskell-Dowland said while organisations may be tempted to pay a ransom the federal government strongly recommended against it.
“I think it’s very unlikely that a local, state or federal government entity would publicly be seen to be paying a ransom to a cyber criminal gang,” he said.
Cybersecurity a priority
A spokesperson from the state’s Local Government Association (LGA) said councils were not immune to the threat of cyber attacks.
“Councils have robust protections and security measures in place to protect sensitive information and data, however despite these safeguards, cyber attacks do occur,” they said.
The spokesperson said the LGA had policies, guidelines and strategies which councils could use to complement their own cybersecurity processes.
Professor Haskell-Dowland said a lot of the methods to protect against cyber attack were simple — ensuring systems are up to date, passwords are changed regularly and that passwords are complex.
He said big organisations use other cybersecurity safeguards, including security platforms like Crowdstrike, to protect their IT environments.
‘Having an impact’
But increasingly, Professor Haskell-Dowland said, state governments were providing cybersecurity support to local government.
“It’s very much something that is increasing, and is certainly having impact,” he said
“We’re seeing a bit of an improvement in the chances of being able to stop these attacks and being able to defend when they do occur.”
An Australian Signals Directorate (ASD) spokesperson said organisations and households needed to prioritise cybersecurity.
“ASD monitors the threat environment and publishes cybersecurity alerts and advisories, including identified vulnerabilities with patch recommendations,” they said.
Get our local newsletter, delivered free each Friday