Noosa Council has been the victim of a major fraud incident, perpetrated by international criminal gangs currently under investigation by Australian Federal Police and Interpol, and resulting in the lost of $1.9 million.
Council CEO Larry Sengstock said the fraud, which occurred during the 2024 Christmas period, was not related to cyber security and did not result in a breach of council systems.
“No data was stolen and there was no impact to the public or our services. This has been confirmed by external forensic IT experts engaged by Council to ensure ratepayers were protected,” Mr Sengstock said.
“Once being alerted to this fraud; we established our incident crisis response team and immediately reviewed our operating procedures to ensure that processes were improved, and any risk of future fraud was minimised.
“We have been unable to bring this to public attention until now, as when police initially alerted us to the fraud, they directed us not to publicly disclose any information so as not to compromise their ongoing investigation.
“While we couldn’t go public, Council did report the incident to Queensland Audit Office (QAO) and relevant Ministers, in line with our statutory local government requirements.
“We managed to recover some funds making the total value of the loss $1.9 million.”
Mr Sengstock said the international criminals who perpetuated the fraud were, unbeknown to council, already under investigation and they have been advised these investigations are ongoing.
“The criminals used social engineering AI techniques and we will not go into specifics to avoid revealing the tactics of the criminals, and because of our legal obligation to protect council staff. However, we can reveal that the fraudulent activity was sophisticated, strategic, and targeted. We can also confirm that no Council staff were at fault or involved in the criminal activities,” he said.
“Despite having process and procedures to mitigate this type of event, unfortunately in this instance they were not effective enough, as this crime was committed by highly organised, professional criminals who found a way through our processes.”
Queensland Audit Office has since recommended several measures to Council to further improve their processes, and these recommendations have been implemented.
“We are also in the process of installing additional third-party software to add another level of control,” Mr Sengstock said.
“Council takes its financial responsibility very seriously and on behalf of management I am sorry that this has happened. This incident also serves as a warning to other councils and local businesses to be on their guard, and to continually review processes around all financial procedures. Unfortunately, as we are seeing every day in the media, scams and frauds are on the rise, and many companies and organisations are being targeted.
“While we are very disappointed this has happened and are doing all in our power to ensure we minimise the risk as much as possible, so this doesn’t happen again, we are thankful that in this instance no one in our community was directly affected and there was no impact on Council’s operational functions or projects.”
