Council strengthens processes to safeguard against cyber fraud

Published on 13 October 2025

Picture of Noosa Council CEO Larry Sengstock

CEO Larry Sengstock has assured the Noosa community that Council has implemented significant improvements to its financial processes to safeguard against any future fraud attempts.

Council was the victim of a sophisticated and well-organised cyber fraud, with a total loss of $1.9 million in December 2024.

The Australian Federal Police Joint Policing Cybercrime Centre advised this was a highly sophisticated, strategic fraudulent incident.

Council was unable to make any public comment on the matter during the initial investigation by AFP, Queensland Police and Interpol.

“The criminals used sophisticated social engineering AI techniques but we won’t disclose specific details of how the fraud occurred to protect staff and from also highlighting the criminals’ actions," said Mr Sengstock (pictured).

“Police say that these types of incidents are on the rise and should act as a warning for organisations to continually review their procedures,” he said.

Mr Sengstock said no staff member is at fault and emphasised this was not a cyber-security attack.

Once notified, Council established its incident crisis response team and engaged external independent ICT experts to conduct a forensic investigation and confirm there was no breach of Council’s system, no personal data was taken, and no Council service was impacted.

“We acknowledge that vulnerabilities with our processes contributed to the incident which were exploited by these criminals," Mr Sengstock said.

“We have proactively implemented a raft of measures to improve processes, which have been recommended by the Queensland Audit Office."

This includes investing in new software, tightening procedural controls, training and recruiting additional staff. 

Mr Sengstock said Council notified the Queensland Audit Office (IOA) and the relevant state ministers of the reportable loss within the legislative timeframe as required under the Local Government Act 2012.

“This unfortunate incident and the increasing prevalence of artificial intelligence serves as a timely warning that all councils and businesses must be responsive to an ever-changing cyber threat landscape.

“Police tell us to ensure you are continually reviewing processes and verify the legitimacy of any contact before making any sensitive changes,” he said.

The incident is still being investigated by the AFP Joint Policing Cybercrime Coordination Centre.

For further details, read Message from the CEO regarding cyber fraud incident.

Tagged as:
Back to top