Up to 80,000 South Australian (SA) government workers, including potentially the Premier, may have had their personal details stolen after a major ransomware cyber attack aimed at the government’s payroll system.
South Australian Treasurer Rob Lucas on Friday afternoon confirmed he was informed by Frontier Software on Wednesday evening that it was the victim of a ransomware attack, and that “significant personal information of SA government employees” had been exfiltrated.
“I have been advised that the records of at least 38,000 employees were accessed and that up to 80,000 employees might have been accessed,” Lucas said.
The data contained information on names, date of birth, tax file number, home address, bank account details, employment start date, payroll period, remuneration, and other payroll-related information.
SA politicians, including Premier Steven Marshall, reportedly could also be one of the victims.
“The highest of the high to the lowest of the low and all of the rest of us in between are potentially impacted,” Lucas noted, adding that the Department for Education, which does not use Frontier, was the only department not affected.
The news came after Frontier, which has been the government’s payroll provider since 2001, on the previous evening had confirmed for the first time that hackers had stolen state government data from their network, and published it on the dark web.
The payroll management company provides services to more than 1,500 governments and non-government agencies around the world and the SA Government was not its first client to be hit by cyber attack.
The treasurer added that the government was particularly concerned about employees’ home addresses and bank details being accessed, as well as the potential identity fraud, but noted there was no evidence that the information had been used.
“We can understand the concern that many of our employees have, even if that information is not being used directly to access bank accounts,” he said.
“We apologise to all South Australian Government employees affected.”
While the attack targeted information held by Frontier Software, it had not reached internal state government systems.
“I think what we’re seeing around Australia and across the world is the extent of data breaches has become even bigger, so it’s highly likely that whatever breaches we see… will likely be, sadly, bigger than what has ever occurred before,” Lucas said.
However, he emphasised that people should “bear in mind that on a daily basis we are confronted by examples of highly secure information being accessed”.
“No one can 100 per cent guarantee that everything they do will guarantee no hacker around the world will be able to access.”
The government said it will work closely with Frontier to investigate the matter and had also partnered with cybersecurity support service IDCARE to work with employees to develop a response plan and provide personal support through the process.
Labor treasury spokesman Stephen Mullighan criticised Premier Marshall’s role in failing to protect people’s data, saying the government should explain “why a security breach that happened four weeks ago is being revealed only now”.
“This would appear to be the third serious cyber breach in a year,” Mullighan said. “What is going wrong inside the Government and protection of our data?
Employees have been encouraged to take precautionary actions such as contacting their financial institutions and monitoring statements for any unauthorised transactions, changing their passwords or adding two-factor authorisation.
They should also be alert to any emails, text messages and phone calls from people requesting personal or account information, including access to devices.
All public sector employees have been sent an email advising of the level of information that was compromised and providing information on how to access help and support.