Moyne Shire Council on Friday released further details about the attack on Koroit Kindergarten.

Chief executive Brett Davis said an unauthorised third party gained remote access to an electronic device which stores children’s enrolment information for approximately ten minutes on March 3.

“Once identified Council IT staff attended the kindergarten, isolated IT systems and collected all devices on site while waiting for advice from the Australian Cyber Security Centre – Cyber Incident Response Service,” Mr Davis said.

“Further analysis of all devices on-site has confirmed no information was downloaded or transferred to external parties,” he said.

“Despite this Council is obligated to make a formal report and has done so.

“Families have been notified of the incident and a full briefing has been provided to Councillors and the Audit and Risk Committee.”

Mr Davis said immediate actions following the incident were to install further security features on all devices and staff will undergo refresher training in cyber-security procedures.

“Council will now work with relevant bodies to complete a full review of the incident and will implement any recommendations made by the Cyber Incident Response Service, Office of the Victorian Information Commissioner and Department of Education and Training,” Mr Davis said.

Mr Davis said council took “cyber security and the protection of data seriously” and was “committed to full compliance with our obligations under the Privacy and Data Protection Act 2014”.

Prior to the cyber attack, work was already underway to strengthen systems, policies, procedures and staff training given the changing way cyber-criminals are attempting to access data.

“This work is ongoing and will now incorporate any recommendations from the review of this incident,” Mr Davis said.

More Coverage

Plan to ease ‘extreme’ school traffic revealed

Jack Colantuono

Fraudster ordered to pay back almost $111k

Jack Colantuono