Moyne Shire Council has made a formal notification to the Victorian Information Commissioner and Victorian Department of Education and Training following a cyber security incident at the Koroit Kindergarten.
Council says that on 3 March, an unauthorised third party gained remote access for approximately 10 minutes to an electronic device at the kindergarten which stores enrolment information of children.
“Once identified, Council IT staff attended the kindergarten, isolated IT systems and collected all devices on site while waiting for advice from the Australian Cyber Security Centre – Cyber Incident Response Service,” Council CEO, Brett Davis said in a statement this afternoon.
Further analysis of all devices on-site has confirmed no information was downloaded or transferred to external parties, Mr Davis confirmed.
“Despite this, Council is obligated to make a formal report and has done so,” he said.
“Families have been notified of the incident and a full briefing has been provided to Councillors and the Audit and Risk Committee.
“Immediate actions following the incident have been to install further security features on all devices and staff will undergo refresher training in cyber-security procedures.”
He said Council will now work with relevant bodies to complete a full review of the incident and will implement any recommendations made by the Cyber Incident Response Service, Office of the Victorian Information Commissioner and Department of Education and Training.
“Council takes cyber security and the protection of data seriously, we are committed to full compliance with our obligations under the Privacy and Data Protection Act 2014.”
“Prior to this incident work was already underway to strengthen systems, policies, procedures and staff training given the changing way cyber-criminals are attempting to access data. This work is ongoing and will now incorporate any recommendations from the review of this incident,” Mr Davis said.
