Message from the CEO regarding cyber fraud incident

Published on 13 October 2025

Picture of Noosa Council CEO Larry Sengstock

During the 2024 Christmas period Noosa Council was the victim of a major fraud incident, perpetrated by international criminal gangs currently under investigation by Australian Federal Police and Interpol.

I want to emphasise that this fraud was not related to cyber security. Council systems were not breached or affected, no data was stolen and there was no impact to the public or our services. This has been confirmed by external forensic IT experts engaged by Council to ensure ratepayers were protected.

Once being alerted to this fraud; we established our incident crisis response team and immediately reviewed our operating procedures to ensure that processes were improved, and any risk of future fraud was minimised.

We have been unable to bring this to public attention until now, as when police initially alerted us to the fraud, they directed us not to publicly disclose any information so as not to compromise their ongoing investigation.

While we couldn’t go public, Council did report the incident to Queensland Audit Office (QAO) and relevant Ministers, in line with our statutory local government requirements.

We managed to recover some funds making the total value of the loss $1.9 million. This fraud was perpetrated by international criminals who were - unbeknown to Council - already under investigation. We have been advised that these investigations are ongoing.

The criminals used social engineering AI techniques and we will not go into specifics to avoid revealing the tactics of the criminals, and because of our legal obligation to protect Council staff. However, we can reveal that the fraudulent activity was sophisticated, strategic, and targeted. We can also confirm that no Council staff were at fault or involved in the criminal activities.

Despite having processes and procedures to mitigate this type of event, unfortunately in this instance they were not effective enough, as this crime was committed by highly organised, professional criminals who found a way through our processes.

Queensland Audit Office has since recommended several measures to further improve our processes, and we have substantially implemented these recommendations. We are also in the process of installing additional third-party software to add another level of control.

Council takes its financial responsibility very seriously and on behalf of management I am sorry that this has happened. This incident also serves as a warning to other councils and local businesses to be on their guard, and to continually review processes around all financial procedures. Unfortunately, as we are seeing every day in the media, scams and frauds are on the rise, and many companies and organisations are being targeted.

While we are very disappointed this has happened and are doing all in our power to ensure we minimise the risk as much as possible, so this doesn’t happen again, we are thankful that in this instance no one in our community was directly affected and there was no impact on Council’s operational functions or projects.

CEO Larry Sengstock discusses the cyber fraud incident: