The names, addresses, dates of birth, tax file numbers and banking details of up to 80,000 State Government employees have been stolen in a massive ransomware cyber attack.
Treasurer Rob Lucas this afternoon said that the State Government was told yesterday that its external payroll software provider, Frontier Software, had been hit by a major ransomware attack and that “significant personal information of SA Government employees” had been stolen.
Lucas said the news came after Frontier told the government that some state government data had been stolen from its network and published on the dark web.
“I have been advised that the records of at least 38,000 employees were accessed and that up to 80,000 employees might have been accessed,” Lucas said.
“The Government is currently working with Frontier to try and establish a more accurate estimate.
“We can confirm that no Department for Education employees are affected.”
Lucas said the state government employee data accessed by hackers contained first and last names, birth date, home address, tax file number, bank account, payment and superannuation details.
He urged employees to take immediate steps to reduce their risk of fraudulent activity by:
Contacting their financial institution, monitoring statements for any unauthorised transactions and consider adding additional security, including changing passwords and activating two-factor authorisation.
Being alert to any emails, text messages or phone calls from people requesting personal or account information, including access to devices and not responding to any requests until they make enquiries with the organisation the contact claims to be from.
Lucas said the government had partnered with cybersecurity support service, IDCARE, to work with employees to develop a specific response plan and provide personal support throughout the process.
“All public sector employees have been sent an email, which I am advised details the level of information that was accessed and provides information on how to access help and support,” he said.
“In addition, employees can access further information at SA.GOV.AU where the government will provide regular updates as new information becomes known.
“We are deeply disappointed that this breach occurred and are working closely with Frontier Software to investigate how this incident happened.
“We apologise to all South Australian Government employees affected.”
The government has contracted Frontier Software to undertake its payroll services since 2001.
It’s highly likely that whatever breaches we see – whether it be with our information or anybody else’s – will likely be, sadly, bigger than what has ever occurred before
The payroll management company has more than 1500 government and non-government customers around the world and the South Australian Government wasn’t its only client to be impacted by the data breach.
Lucas said the breach hadn’t impacted internal State Government systems, rather it targeted information held by Frontier Software.
He said he was not aware of a bigger data breach in South Australia’s history.
“I think what we’re seeing around Australia and across the world is the extent of data breaches has become even bigger, so it’s highly likely that whatever breaches we see – whether it be with our information or anybody else’s – will likely be, sadly, bigger than what has ever occurred before,” he said.
The Treasurer said all government employees and public sector unions were today sent an email informing them of the data breach.
The South Australian Salaried Medical Officers Association (SASMOA) said it had received “many calls” from anxious health workers.
Lucas said he was first informed on Wednesday evening that there had been a cybersecurity attack, but he wasn’t told what information had been stolen.
He said Frontier Software confirmed that government employee information had been breached yesterday afternoon.
“I’m not going to accept criticism of tardiness on this particular occasion,” Lucas said when questioned about the delay informing the public.
“We acted expeditiously to get the information together, provide accurate information to our employees and we will continue to try to update.”
But the Opposition has accused the government of failing to protect employee data, claiming Frontier Software has been the target of cybersecurity breaches in the past.
“At the same time the Government is checking our every move through the Covid-19 QR check-in app, they can’t even protect their payroll of their own employees,” Shadow Treasurer Stephen Mullighan said.
“This would appear to be the third serious cyber breach in a year. What is going wrong inside the Government and protection of our data?”
Lucas said while he was disappointed that the breach had occurred, “we do have to bear in mind that on a daily basis we are confronted by examples of highly secure information being accessed”.
He said the government was particularly concerned about employees’ home addresses and bank details being stolen, as well as the potential for identity fraud, but said there was no evidence that the information had been used by the hackers.
“We can understand the concern that many of our employees have, even if that information is not being used directly to access bank accounts,” he said.
“To the extent that we can help, we will do all that we can to provide assistance to people in the public sector.”
Asked if Frontier Software had regained control of its system, Lucas said the government’s cybersecurity team was “doing everything that they can” to protect employee data.
“No one can 100 per cent guarantee that everything they do will guarantee no hacker around the world will be able to access,” he said.
Labor treasury spokesman Stephen Mullighan said the government should explain “why a security breach that happened four weeks ago is being revealed only now”.
“This would appear to be the third serious cyber breach in a year,” he said. “What is going wrong inside the Government and protection of our data?
“Steven Marshall talks a big game on cyber but can’t protect the Government’s own data.”