Details of the public notification for any notifiable data breach within the past 12 months under the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act) will be listed below.
A public notification is provided when it is not reasonably practicable to notify any or all of the individuals affected by the breach directly.
Date the breach occurred
1 October 2024
Description of the breach
Single mailbox in Tourism Department compromised. Email was used to send spam. Data within mailbox accessible by cybercriminal.
How the breach occurred
Staff member fell victim to a phishing email.
Type of breach that occurred
Business Email Compromise
Personal information that was the subject of the breach
Financial Details, Tax File Number, Identity Information, Contact Information, Health Information.
Amount of time the personal information was disclosed for
The cybercriminal had access to the mailbox for one (1) week; however, data could have been exfiltrated from the mailbox.
Actions that have been taken or are planned to ensure the personal information is secure, or to control or mitigate the harm done to the individual
Access to the mailbox was revoked as soon as the breach was identified.
Mailbox was analysed to identify the extent of the data accessed.
Internal processes have been updated to prevent public-facing staff (Visitor Centre, Community Hub) from scanning documents on behalf of the public.
Internal forms and processes have been updated to ensure New Supplier Forms are removed from mailbox after processing.
Staff to undertake additional cyber awareness training.
Notify affected individuals.
Recommendations about the steps the individual should take in response to the eligible data breach
Making a privacy-related complaint
If an affected party wishes to request an internal review under the Privacy and Personal Information Protection Act 1998, they can do so by writing to:
The General Manager, Weddin Shire Council, PO BOX 125, GRENFELL NSW 2810, or by lodging a complaint with the Information and Privacy Commission of NSW:
If you have an enquiry about a breach listed above, please email mail@weddin.nsw.gov.au or write to: PO BOX 125, GRENFELL NSW 2810.