Fairfield Council Rocked by Major Data Breach

Fairfield Council in western Sydney experienced a major data breach in October 2025. Servers containing personal, financial, and property information belonging to councillors, ratepayers, residents, and staff were illegally accessed by anonymous hackers, believed to be located outside Australia.

Ransom Demands and Unprecedented Legal Action

Following the breach, a ransom note was discovered. The note claimed the council's network was encrypted and sensitive data had been downloaded. The hackers threatened to publish this data unless the council communicated and reached an agreement exclusively through a specified chatroom, where they also demanded payment. The identity and location of the hackers remain unknown.

In November 2025, the council initiated urgent legal proceedings against these "persons unknown." The court granted permission for the council to serve legal papers to the hackers by sending a Dropbox link into the designated chatroom.

Council's Immediate Response and Broader Challenges

Fairfield Council stated that a response team was quickly mobilized to ensure system security and integrity.

As of now, no misuse or disclosure of data has been detected, and sophisticated monitoring is in place.

A spokesperson for the council declined to provide specific comments regarding the organization's cybersecurity infrastructure or its capacity to defend against advanced online security threats.

This incident highlights the increasing challenges and costs faced by local councils in protecting resident data from online threats. A report by the NSW Auditor-General in the previous year identified cybersecurity as a significant vulnerability across local governments in the state. Blacktown Council CEO Kerry Robinson noted that councils struggle to afford escalating online security costs due to rate caps in place since 1978.