Noosa Council has now recovered $640,000 since being hit by a major fraud incident a year ago.
Council CEO Larry Sengstock said the criminals used sophisticated social engineering tactics to impersonate a legitimate supplier and manipulate staff into changing banking and contact details in December 2024.
There is still $1.7-million that hasn’t been recovered.
In an update, Mr Sengstock said he wants to reassure the community that while this is a lot of money, it’s had no impact on the delivery of Council projects or services.
He again pointed out it was not a cyber security attack, there was no breach of Council’s system and no personal data was taken.
“While human error played a part, as CEO, I take full responsibility, with the well being of our staff a high priority.
“Our team works hard for you every day and deserves respect and kindness as we learn from this incident and move forward.
“Since the attack, we’ve taken considerable steps to improve processes,” Mr Sengstock said.
An updated report to the community will be tabled at today’s Ordinary Meeting of Council.
It includes a detailed analysis of the incident, the lessons learned and the corrective actions being implemented.
Council has introduced third-party payment protection software (Eftsure) to validate banking details, it’s conducting regular mandatory cyber-fraud training to better equip staff to identify fraudulent activities.
It has also establish an independent, risk-based financial accountability program to review and audit the accuracy and proper use of financial information.
Mr Sengstock said the matter has been thoroughly investigated by Queensland Police and the Joint Policing Cybercrime Coordination Centre.
“We have met all reporting obligations and implemented every recommendation from the Queensland Audit Office.
“Once again, thanks for your patience as we navigate the fallout from this crime, care for our staff and do all we can to support the community,” he said.
