Calls for more details, greater transparency and accountability mixed with concerns releasing more information would encourage copycat criminals or expose staff members, dominated discussion at Noosa Council’s ordinary meeting in relation to last week’s announcement council was defrauded of $1.9million.
After several hours of discussion the council majority voted to take note of staff’s one page report on the major fraud incident and commit to releasing a publicly accessible follow-up report by December, “addressing key questions raised by the community and outlining key findings, actions taken and lessons learned subject to legal and privacy obligations“.
The meeting heard Council had been the victim in December 2024 of a major fraud incident, perpetrated by an international criminal organisation currently under investigation by Australian Federal Police and Interpol, and defrauded originally of $2.3 million with $400,000 recouped.
The council report says an initial investigation conducted after council was alerted to the fraud revealed “there was no breach of council’s systems, no personal data was stolen, nor any rate payer personal information was accessed and there was no impact on Council services“.
Council reported the incident to authorities including the Queensland Audit Office (QAO) which recommended further internal controls to mitigate the risk of this type of incident happening again. Council has substantially implemented these recommendations and in addition is also in the process of installing a third-party software system to provide an extra level of security in fraud prevention, the report stated.
The perpetrators used social engineering techniques that were sophisticated, strategic and targeted and council was directed, at the time of the incident, to not publicly disclose any information related to the incident so as not to compromise the ongoing investigation.
Cr Brian Stockwell, who voted against a follow-up report by December, said while councillors already knew more than the community about the fraud incident, they also knew because of limitations of what they can say, the report by December was going to be very similar to the one that was put forward to the meeting.
“We know you’d like to know what happened. It increases the risk to our and other organisations,“ he said.
“Criminals, hacked our organisations and just like bankrobbers with guns took a lot of money. We followed every recommendation to date to try and stop the modern day bankrobber. There’s 60,000 victims of this crime – all our residents and ratepayers. It does make you angry when criminals take money. The issue we have here is this organisation has responded to this incident and adopted the best practice possible.“
However Cr Nicola Wilson who is one of two councillors along with Cr Tom Wegener, on council’s audit and risk committee, said she believed the community deserved accountability and transparency on this matter.
“As a member of the audit and risk committee I will be asking for a deep dive, a forensic investigation,“ she said.
“This could have been prevented. Responding to the QAO recommendations means there were gaps. We need to find out more about what went wrong and share that. It was avoidable and we need to do better. We need to be accountable and transparent about what happened. We can’t just say it was AI, we need to share what we have with the public.“
A staff member said there would be some information they wouldn’t be able to release to protect their staff and protect the risk of the fraud occurring again.
