Noosa Council CEO Larry Sengstock has provided an update on Noosa Council’s $1.9 fraud incident prior to a report being delivered to council’s ordinary meeting on Thursday 18 December:
Since the calculated fraud attack which targeted our Council in December 2024, we’ve successfully recovered a further $200,000, bringing the total amount recovered to $640,000.
This reduces the original $2.3 million loss to $1.7 million. I want to reassure the community that while this is a lot of money, it’s had no impact on the delivery of Council projects or services. The services you rightly expect and rely on have not been affected.
Cyber fraud is a global challenge.
This was not a cyber security attack. There was no breach of Council’s system and no personal data taken.
In this case, the criminals used sophisticated social engineering tactics to impersonate a legitimate supplier and manipulate staff into changing banking and contact details.
While human error played a part, as CEO, I take full responsibility, with the wellbeing of our staff a high priority.
Our team works hard for you every day and deserves respect and kindness as we learn from this incident and move forward.
Since the attack, we’ve taken considerable steps to improve processes.
An updated report to the community will be tabled at Thursday’s Ordinary Meeting. It includes a detailed analysis of the incident, the lessons we’ve learned and the corrective actions we’re implementing.
The matter has been thoroughly investigated by Queensland Police and the Joint Policing Cybercrime Coordination Centre.
The report can be accessed on Noosa Council website.
So, here’s what we’ve put in place:
Third-party payment protection software (Eftsure) to validate banking details.
Conducting regular mandatory cyber-fraud training to better equip our staff for such activities.
Strengthening processes for updating, maintaining and securing the vendor Masterfile.
Establishing an independent, risk-based financial accountability program to review and audit the accuracy and proper use of financial information.
We have met all reporting obligations and implemented every recommendation from the Queensland Audit Office.
Once again, thanks for your patience as we navigate the fallout from this crime, care for our staff and do all we can to support the community.
