Cyber-attack results in the biggest data breach in South Australia’s history

The South Australian (SA) State Governments' external payroll software provider, Frontier Software, has been hit by a major ransomware attack, resulting in up to 80,000 government employees’ data being stolen. 

The initial ransomware attack occurred on November 16th, with Frontier admitting it was “experiencing a cyber incident which has resulted in limited access to some of our computer systems and data”. The next day the company stated that their investigations “show no evidence of any customer data being exfiltrated or stolen”. This initial assessment by Frontier has proven to be very wrong, with the full extent of the cyber-attack only now being admitted. The cyber-attack is now believed to have resulted in the biggest data breach in South Australia’s history, having very damaging effects. 

SA State government treasurer Rob Lucas said “I have been advised that the records of at least 38,000 employees were accessed and that up to 80,000 employees might have been accessed. The Government is currently working with Frontier to try and establish a more accurate estimate. We can confirm that no Department for Education employees are affected”. 

The Frontier Software ransomware attack has resulted in the names, addresses, tax file numbers, and banking details of government employees being stolen and published on the dark web. 

Rob Lucas also stated that “All public sector employees have been sent an email, which I am advised details the level of information that was accessed and provides information on how to access help and support. In addition, employees can access further information at SA.GOV.AU where the government will provide regular updates as new information becomes known”. 

Affected employees are being urged to take immediate steps to reduce the risk of their data being used fraudulently. These steps include contacting their financial institution, monitoring their transactions, changing passwords, and increasing security where possible. Employees are also instructed to be alert to any emails, text messages or phone calls from individuals requesting personal or account information; employees should verify the individual’s legitimacy by contacting the organisation they claim to be from themselves to check if the contact is legitimate.  

The SA government has partnered with the cybersecurity support service IDCARE to work with employees to provide personal support throughout the process as well as to develop a response plan. 

Frontier Software Australia chief executive Nick Southcombe has said “At this point, we have only identified one customer that has been affected, being the government of South Australia, and we are communicating directly with them and providing as much assistance as we can”.  

The data breach is believed to have affected a vast range of SA government employees, from junior staff members to senior politicians. 

Mr. Lucas has stated that the cyber attack has not impacted the SA government’s own computer systems in any way.