Government entities in Queensland unaware of cybersecurity vulnerabilities, audit office report finds
https://www.abc.net.au/news/2026-03-26/queensland-cybersecurity-audit-highights-gaps/106497032
Publish Date: 2026-03-25 22:50:00
Source Domain: www.abc.net.au
A cybersecurity audit has gained the “highest level of access” to two government entities in Queensland, highlighting serious gaps in the systems.
The auditor-general tested the effectiveness of a state government, local government, and statutory body’s IT security controls.
Its report noted the entities did not know “how vulnerable” they were to third-party cybersecurity threats.
“In each of the entities, we were able to obtain passwords, access systems, and extract sensitive information outside the intended scope of a third-party user,” the report said.
“For two of them, we were able to bypass controls and gain the highest level of access to their IT environments.”
The report found increasing frequency and sophistication of cyber attacks could expose entities that had weak cybersecurity.
“Entities that do not manage these risks effectively may experience a cyber attack through a third party, leading to a loss of privacy, financial cost, reputational damage, and other ramifications.”
As a result of the lack of mitigation controls, the auditor-general noted the entities could not understand the extent of their supply chain risks.
Contracts were also found to be a significant security gap.
“Only two of 36 contracts we reviewed included requirements for third parties to report their cybersecurity incidents and vulnerabilities,” the report said.
“This means that entities can have risks that they are unaware of and therefore cannot effectively manage.”
Risks raised five years ago
The auditor-general also assessed how the Queensland government’s housing department, customer services and open data department managed cybersecurity risks in the public sector.
It found the latter was not actively assessing or monitoring third parties’ cyber capability.
“CDSB [Customer Services, Open…