NOOSA Council was the victim of a sophisticated and well-organised cyber fraud, with a total loss of $1.9 million in December 2024, and news of the theft was only made public in early October 2025, almost a year since the fraud.

Noosa Council CEO Larry Sengstock has assured the Noosa community that Council has implemented significant improvements to its financial processes to safeguard against any future fraud attempts.

The Australian Federal Police Joint Policing Cybercrime Centre advised that this was a highly sophisticated, strategic, fraudulent incident. Council was unable to make any public comment on the matter during the initial investigation by AFP, Queensland Police and Interpol.

“The criminals used sophisticated social engineering AI techniques, but we won’t disclose specific details of how the fraud occurred to protect staff and to also highlight the criminals’ actions.

“Police say that these types of incidents are on the rise and should act as a warning for organisations to continually review their procedures.”

Mr Sengstock said no staff member is at fault and emphasised this was not a cyber-security attack.

Once notified, Council established its incident crisis response team and engaged external independent ICT experts to conduct a forensic investigation and confirm there was no breach of Council’s system, no personal data was taken, and no Council service was impacted.

“We acknowledge that vulnerabilities with our processes contributed to the incident, which were exploited by these criminals, and we have proactively implemented a raft of measures to improve processes, which have been recommended by the Queensland Audit Office.”

This includes investing in new software, tightening procedural controls, training and recruiting additional staff.

Mr Sengstock said Council notified the Queensland Audit Office (IOA) and the relevant state ministers of the reportable loss within the legislative timeframe as required under the Local Government Act 2012.

“This unfortunate incident and the increasing prevalence of artificial intelligence serve as a timely warning that all councils and businesses must be responsive to an ever-changing cyber threat landscape,
“Police tell us to ensure you are continually reviewing processes and to verify the legitimacy of any contact before making any sensitive changes.”

The incident is still being investigated by the AFP Joint Policing Cybercrime Coordination Centre.