Moyne Shire Council in Victoria said it had detected and shut down an unauthorised access incident on a device at a council-run kindergarten.
In a statement, the council said the incident occurred on March 3 and targeted an “electronic device… which stores enrolment information of children”.
The attacker had access for about 10 minutes, before council staff intervened and sought advice from the Australian Cyber Security Centre.
“Further analysis of all devices on-site has confirmed no information was downloaded or transferred to external parties,” the council said.
“Despite this, [the] council is obligated to make a formal report and has done so.
“Families have been notified of the incident and a full briefing has been provided to councillors and the audit and risk committee.”
Moyne Shire Council said that it had installed “further security features on all devices” following the incident, and that staff would be given “refresher training in cyber security procedures.”
“Prior to this incident work was already underway to strengthen systems, policies, procedures and staff training given the changing way cyber criminals are attempting to access data,” it said.
A “full review” of the incident is now underway, involving federal and state security, privacy and education authorities, and any recommendations would be incorporated into ongoing cyber security uplift efforts.