Data from an estimated 80,000 South Australian government employees may have been exposed in a breach affecting third-party supplier Frontier Software, the state’s treasurer has warned.
The breach included common payroll information such as first and last names, dates of birth, home addresses, tax file numbers, and bank account details, SA Treasurer Rob Lucas confirmed in a statement on Friday.
“I have been advised that the records of at least 38,000 employees were accessed and that up to 80,000 employees might have been accessed,” Lucas said.
“The government is currently working with Frontier to try and establish a more accurate estimate.”
All SA government employees, including politicians, may have been affected with the exception of the Department for Education because it does not use Frontier Software.
It’s been a tough end of 2021 for SA government bodies which last month reported two other security incidents, one of which involved physical devices containing data from around 28,000 ambulance patients being stolen from a third party consultant.
Lucas said his government was working with IDCARE to provide further support for staff affected by the latest incident.
“The government’s priority is the safety and security of every employee affected by this incident, and we are doing all we can to provide assistance to impacted employees,” he said.
“We are deeply disappointed that this breach occurred and are working closely with Frontier Software to investigate how this incident happened.
“We apologise to all South Australian Government employees affected.”
A Melbourne-based company, Frontier Software has provided payroll software services for the SA government since 2001 and is a global operation.
In mid-November, the company was hit by a ransomware attack that resulted in some of its “Australian corporate systems being encrypted” although there was “no evidence of any customer data being exfiltrated or stolen” at the time.
“Australian customer HR and payroll data and systems are segmented from the corporate systems and were not compromised,” Frontier said in a statement on 17 November.
But that advice changed last week following a forensic investigation into the ransomware attack which found data had in fact been taken during the incident – although the data related only “to a small number of Frontier Software customers” including the SA government, evidently.
According to Bleeping Computer, ransomware group Conti posted a notification about the data on its dark web leak site last month but has since taken down its post about Frontier Software.
Conti knocked out the IT systems of the Irish public healthcare service earlier this year and was behind the resurfacing of infamous email spam botnet Emotet last month.