OracleCMS Cyber Incident


OracleCMS’ response to the recent cyber incident continues to progress, with external experts guiding our investigation to ensure we have a comprehensive overview of all potentially impacted data. This work is now at an advanced stage.


In concert with this investigation, some of our clients are now moving to notify individuals and provide them with steps that provide added protection from the risk of data misuse. OracleCMS is supporting these efforts where possible, while also collaborating with any clients still working to determine whether they need to take similar steps.


Meanwhile, external experts have now completed a forensic investigation. OracleCMS is now in the position to confirm:

  • External Cyber Security experts have found no evidence of ongoing malicious activity within our IT environment;
  • We successfully enacted a series of containment measures to provide reassurance to our clients; and
  • An External Vulnerability Assessment and Penetration Test found no critical, high, medium or low vulnerabilities of our in-scope external-facing systems.


Again, we apologise for any concern caused by this incident, and reiterate our determination to support all those impacted in line with both our obligations, and those of our partners.


As this incident involved an unauthorised third-party gaining access to a portion of OracleCMS’ data before publishing files online, we wish to again share advice around how to protect yourself from the risk of data misuse, should your basic contact information be shared online. This can be found below.


For further information, please contact our dedicated response team on [email protected] or call 0390 913 922 between 9am and 6pm, Monday to Friday.



Stay Cyber Safe


Where a third party has accessed, downloaded or disclosed your contact information, it is important to:


  • be aware of email, telephone and text-based scams. Do not share your personal information with anyone unless you are confident about who you are sharing it with;
  • when on a webpage asking for your login credentials, take note of the web address or URL (‘Uniform Resource Locator’). The URL is located in the address bar of your web browser and typically starts with https://;
  • if you are suspicious of the URL, do not provide your login details. Contact the entity through the usual channels to ensure you are logging into the correct web page. Please note that we will never contact you to ask for your username or password;
  • enable multi-factor authentication for your online accounts where possible, including your email, banking, and social media accounts;
  • ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts;
  • check the strength of your passwords and whether they have been involved in any data breaches on the NSW Government password checker website:; and
  • follow the Australian Competition and Consumer Commission’s Scamwatch guidance for protecting yourself from scams here:


For more information, you can visit the OAIC’s tips for further guidance about protecting your identity:

Call Now
Request Callback