Skip to content

Data Breach Incident Involving Oracle CMS

24 May 2024

Merri-bek City Council has been notified of a cyber security incident involving OracleCMS.

OracleCMS is a third-party supplier who supports Council in responding to calls made to our Customer Service Centre after hours and at other times as needed.

OracleCMS is used by many local councils across Victoria and we understand this issue is affecting a number of organisations including other councils. 

OracleCMS informed Council in April that there had been a cyber security incident where identifiable information of customers had been compromised. Until last week we were informed that Council’s customer data was not involved.

Council has now been informed that the OracleCMS data breach does include records of calls handled by OracleCMS on Council’s behalf.

We take the privacy of our customers very seriously and we are taking urgent action to address this issue.

When OracleCMS takes calls on Council’s behalf, the calls may include the collection of personal details, including name, phone number, email or address. At this stage we have been advised that the data is very unlikely to include sensitive financial information.

We are in the process of reviewing the data and we will contact affected customers directly to advise them of the breach and provide tailored advice and support.

We have also engaged IDCARE, Australia’s national identity and cyber support community service, to support any customers affected, free of charge to customers.

Merri-bek City Council’s own systems and databases have not been accessed. This data breach relates to OracleCMS systems only.

Council is working with OracleCMS, government authorities and the IDCARE cyber support service to address this incident and provide advice and support to affected customers.

We apologise for any concerns or inconvenience this incident may cause.

For more information, email: or phone 9240 1111, Monday to Friday, 8.30am-5.00pm.