Fairfield City Council Hit by Ransomware Attack in October 2025, Seeks Injunction to Block Data Leak
In October 2025, Fairfield City Council, a western Sydney local government authority, suffered a ransomware attack that compromised sensitive data stored across its IT systems and a third-party NSW data center. The council first disclosed the incident on 16 October 2025, confirming unauthorized access to internal systems by an external threat actor.
By 6 February 2026, the council provided further details, revealing that the breach involved the exfiltration and encryption of personal data, including:
- Contact information
- Bank account details (account names, numbers, and BSBs)
- Health records
- Employment and legal information
- Non-DVS identity documents
The attack was detected on or around 8 October 2025, when unidentified hackers encrypted council servers and left a ransom note demanding payment in exchange for a decryptor and a pledge to withhold further attacks. The council engaged external cybersecurity experts and notified key agencies, including the Australian Cyber Security Centre (ACSC), the Office of the Australian Information Commissioner (OAIC), and Cyber Security NSW.
Despite the threat actor’s demands, Fairfield City Council refused to pay the ransom. On 12 March 2026, the NSW Supreme Court granted an injunction, ordering the hackers via the same chat room used for ransom negotiations to remove all stolen data from the internet and dark web and refrain from publishing or disseminating it. As of the latest updates, no leaked data has been identified online.
The council confirmed the incident was contained, and its systems are now secure, though the identity of the attackers remains unknown.
Fairfield City Council cybersecurity rating report: https://www.rankiteo.com/company/fairfield-city-council
"id": "FAI1773815351",
"linkid": "fairfield-city-council",
"type": "Ransomware",
"date": "10/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Government',
'location': 'Western Sydney, Australia',
'name': 'Fairfield City Council',
'type': 'Local government authority'}],
'customer_advisories': 'Public disclosures on 16 October 2025 and 6 February '
'2026',
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Contact information',
'Bank account details',
'Health records',
'Employment and legal '
'information',
'Non-DVS identity documents']},
'date_detected': '2025-10-08',
'date_publicly_disclosed': '2025-10-16',
'description': 'In October 2025, Fairfield City Council, a western Sydney '
'local government authority, suffered a ransomware attack that '
'compromised sensitive data stored across its IT systems and a '
'third-party NSW data center. The attack involved unauthorized '
'access, data exfiltration, and encryption of personal and '
'sensitive information.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data breach',
'data_compromised': 'Personal data, bank account details, health '
'records, employment and legal information, '
'non-DVS identity documents',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential regulatory fines and legal actions',
'operational_impact': 'System encryption, unauthorized access to '
'sensitive data',
'payment_information_risk': 'High',
'systems_affected': 'Council IT systems, third-party NSW data '
'center'},
'investigation_status': 'Ongoing (attackers unidentified)',
'motivation': 'Financial gain',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransom_demanded': True},
'references': [{'source': 'Fairfield City Council disclosures'}],
'regulatory_compliance': {'legal_actions': 'NSW Supreme Court injunction (12 '
'March 2026)',
'regulatory_notifications': ['Australian Cyber '
'Security Centre '
'(ACSC)',
'Office of the '
'Australian '
'Information '
'Commissioner (OAIC)',
'Cyber Security NSW']},
'response': {'communication_strategy': 'Public disclosures on 16 October 2025 '
'and 6 February 2026',
'containment_measures': 'Engagement of cybersecurity experts, '
'system containment',
'incident_response_plan_activated': True,
'recovery_measures': 'Systems secured post-incident',
'remediation_measures': 'System recovery, data restoration',
'third_party_assistance': 'External cybersecurity experts'},
'title': 'Fairfield City Council Ransomware Attack',
'type': 'Ransomware'}