Nearly 80,000 South Australian government employees’ records, including their names, tax file numbers, and banking information, may have been taken in a cyber-attack, with workers told to assume their personal information has been stolen.
Rob Lucas, the Treasurer of South Australia, first revealed on Friday that 38,000 government employees’ records had been stolen in a cyber-attack, but verified the scope of the data breach on Wednesday.
Frontier Software, an external business that has provided payroll software to the South Australian government for the past 20 years, was the target of the attack. Personnel working for the government since July of last year are affected, with the exception of employees at the Department of Education.
Although investigations are underway, it is suspected that the event was caused by a ransomware attack carried out by Russian hackers five weeks ago.
Employees’ first and last names, date of birth, tax file number, home address, and bank account data are among the personal information stolen.
Lucas apologised to the affected employees, calling it a “very severe breach.”
“It’s practically everyone,” he continued, “from members of parliament to the premier, as well as persons who work on government boards and committees.” “To the degree possible, now that this has happened, we are providing the highest amount of security we can.”
Employees were encouraged to take security precautions such as changing passwords and security questions, as well as monitor their accounts for any suspicious activity.
The government could not quickly terminate the contract with Frontier Software, according to Lucas, because finding a new provider would take at least six months.
As investigations continued, Frontier Software Australia CEO Nick Southcombe said the company was keeping an eye out for any further unusual behaviour.
“We are continuing to work closely with our clients to share the most up-to-date information about the issue and to provide additional cyber security help to ensure the continued protection of their systems,” Southcombe added.
“We can affirm that this is Frontier Software’s first ever cyber incident.” We’re dedicated to learning from this experience and putting in place the essential cyber security measures to reduce the chances of a similar catastrophe.”
Frontier Software announced on its website on December 9 that some of its Australian customer systems had been affected by a cyber incident on November 13 and that it has begun alerting clients.
The event has been reported to the South Australian Privacy Committee, the Australian Information Commissioner’s Office, and the Australian federal police.
Acting general secretary of the Public Service Association, Natasha Brown, said the union was seeking legal advice on behalf of its members.
Brown stated, “The government must assume full responsibility for the integrity of this extremely sensitive material.” “The government may have privatised the service, but they cannot privatise their obligation for our members’ sensitive personal information.”
“The PSA anticipates the government covering all costs incurred by members as a result of this significant data breach, including any financial losses.”