Public Notification Register

Fairfield City Council experienced a cyber incident in October 2025 involving unauthorised third-party access to a portion of our IT environment.

10 October 2025.

This incident stemmed from the use of compromised credentials. We have reset all credentials across our system and implemented additional procedures to further bolster our existing security measures.

As soon as this incident was detected, a response team was quickly mobilised, and work began to ensure the security and integrity of our systems. We would like to assure you that the incident was swiftly contained, and our systems are secure. 

We have been working with external experts from across the cyber security industry in response to this incident and have also informed the relevant government agencies and law enforcement authorities, including the Information and Privacy Commission NSW (IPC), Office of the Australian Information Commissioner (OAIC), the Australian Cyber Security Centre (ACSC), and Cyber Security NSW.

To ensure we are taking all appropriate steps in response to this incident, we have conducted a detailed review to determine what data was involved and whether it contained any personal information. Our investigation has confirmed that this incident involved information relating to some of our staff and residents, who we are notifying so they can take appropriate steps in response.

Based on our review of the data, the following types of information were involved: 

• Contact information;
• Bank account information (account name, account number, and/or BSB number);
• Health information;
• Employment information; 
• Legal information; and
• Non-DVS identity cards or information.

Some of the steps you may consider taking to protect yourself include: 

• Review advice from the NSW Information and Privacy Commission about how to reduce your risk of harm when you are notified about a data breach (see Fact Sheet). 
• Remaining vigilant for scams, which are the most common risks associated with any unauthorised access to information. 
• Visit the NSW Government’s ID Support website and complete the personal information breach checklist.
• Be aware of contact from people you do not know. As a precaution, confirm who you are speaking to when making and taking phone calls or who you are dealing with by mail or email.

The type of action you take will depend on your personal circumstances and we encourage you to access the above resources if you have any concerns. 

Additionally, we have outlined further guidance below on action you can take to protect specific types of information involved in this incident. Importantly, individuals should consider what information they have previously provided to Fairfield City Council and only follow the guidance relevant to them.

Additional general resources on identity and cyber security support can be found here:

• https://www.ipc.nsw.gov.au/privacy/resources-citizens/data-breach-support
• https://www.oaic.gov.au/privacy/data-breaches/data-breach-support-and-resources/
• https://www.idcare.org/
• https://www.cyber.gov.au/protect-yourself
• https://www.cyber.gov.au/report-and-recover/have-you-been-hacked

If NSW individuals are concerned about the security of their identity or need additional assistance, they can contact ID Support NSW on 1800 001 040, Monday to Friday from 9.00am to 5.00pm. For more information, please visit the ID Support NSW website.

If you have concerns, you can seek an ‘internal review’ by Fairfield City Council by contacting our Privacy Officer at privacy@fairfieldcity.nsw.gov.au.

Applications for an internal review must be in writing (we recommend using the internal review application form developed by the NSW IPC).

Friday 6 February 2026. We will retain notifications in the register for a period of 12 months.

If you have any other questions, please refer to Fairfield City Council’s Privacy Statement or contact our Privacy Officer at privacy@fairfieldcity.nsw.gov.au.

There are some steps you can take to help protect yourself against these scams. We recommend you take the following steps:

Contact information (name, address, email address and/or phone number);

Where a third party has accessed your contact information, it is important to: 

• be aware of email, telephone and text-based scams. Do not share your personal information with anyone unless you are confident about who you are sharing it with;
• when on a webpage asking for your login credentials, take note of the web address or URL ('Uniform Resource Locator'). The URL is located in the address bar of your web browser and typically starts with https://;
• if you are suspicious of the URL, do not provide your login details. Contact the entity through the usual channels to ensure you are logging into the correct web page. Please note that legitimate organisations (i.e. financial institutions, government departments, etc) including Fairfield City Council will never contact you to ask for your username or password;
• enable multi-factor authentication for your online accounts where possible, including your email, banking, and social media accounts;
• ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts; 
• check the strength of your passwords and whether they have been involved in any data breaches on the NSW Government password checker website here; and

• follow the Australian Competition and Consumer Commission's Scamwatch guidance for protecting yourself from scams here.

For more information, you can visit the OAIC’s tips for further guidance about protecting your identity here. 

Bank account information (account name, account number, and/or BSB number)

• A BSB and account number does not present a direct misuse risk as they do not allow unauthorised access to your bank account. However, the BSB does identify who the financial institution is, which may make impersonation scam attempts appear more legitimate.
• Should you have any concerns, you can do the following:

• review your transaction history and bank account statements for any suspicious activity;
• contact your bank to report this event and flag any suspicious activity identified;
• where available use two-step authentication – such as SMS codes to your mobile phone;
• check your credit report yearly (this alerts you to any attempts to open a credit account in your name). Information about obtaining a credit report is provided below; and

• never respond to, open or click on links in emails purporting to be from your bank (it is always safer to call).

Health information

Health information for some of our stakeholders was involved. This information may include medical record numbers, healthcare identifier numbers, medical condition, and/or prescription information. Please carefully consider if you have previously provided this type of information to Fairfield City Council.

For context, cyber-criminals typically seek to misuse information that can be easily manipulated for financial gain (such as credit cards and identity documents for identity theft). For this reason, health information by itself is generally not useful to a cyber-criminal.

We know that it will be concerning to learn that your health information may have been accessed in this manner. Should you experience any anxiety or distress in relation to this, please seek medical advice from your regular treating physician or GP. 

If you would like more information about the health information related to you that may have been involved, you can contact us at privacy@fairfieldcity.nsw.gov.au.

You can apply for an annual free credit report from one of the consumer Credit Reporting Agencies below. 

You can also consider contacting the below credit reporting bodies to place a temporary ban on your credit report. This means that they will not be able to share your credit report with credit providers without your consent for 21 days (unless extended).