SA breach numbers grow
South Australia’s Treasurer says over 90,000 public servants are now involved in a payroll data breach.
Treasurer Stephen Mullighan announced this week that a $420,000 “forensic review” by PricewaterhouseCoopers (PwC) had uncovered an additional 13,088 current and former public servants whose personal information was stolen in a cyber attack last year, on top of the 80,000 employees announced by the former government last year.
Data including data tax file numbers and bank account details were stolen in a hack on the state government's payroll provider, Frontier Software, last November.
“The attack was perpetrated by an overseas criminal organisation on Frontier's network and this data, amongst others, was accessed,” Mr Mullighan said this week.
“After accessing this information, the perpetrators deployed ransomware to Frontier's systems and posted some of the files to the dark web.”
Mr Mullighan said the files were accessible for less than 24 hours.
“There is no information regarding any ransom which may have been paid or how Frontier managed engagement with the overseas cybercriminals in relation to this attack,” Mr Mullighan said.
The SA government has used Frontier Software as a third-party payroll system for the majority of public servants since 2001.
Among the latest group of workers revealed to have had their data stolen are current and former employees of SA Police, the Metropolitan Fire Service and the Department for Infrastructure and Transport, as well as government executives and board members.
“I am informed [that] Frontier Software have developed additional security measures within its systems,” Mr Mullighan said.
“A formal breach notice has been issued by the government to Frontier regarding its failure to adequately protect the information it holds for South Australian government employees.”
Over 3,000 public servants have accessed cybersecurity support services following the data breach.
Some have been locked out from accessing services such as the Australian Taxation Office or their superannuation record systems because of this incident.
The recently identified employees are being contacted individually this week, the government said.