South Australian government employee data taken in Frontier Software ransomware attack

At least 38,000 and up to 80,000 SA government employees may have had their data accessed, the South Australian Treasurer has said.
Written by Chris Duckett, Contributor
Image: Mashka/Shutterstock

South Australia Treasurer Rob Lucas said on Friday that state government employee data has been exfiltrated as part of a ransomware attack on payroll provider Frontier Software.

Lucas said the company has informed government that some of the data have been published online, with at least 38,000 employees and up to 80,000 government employees possibly having their data accessed.

The data contained information on names, date of birth, tax file number, home address, bank account details, employment start date, payroll period, remuneration, and other payroll-related information.

"We can confirm that no Department for Education employees are affected," Lucas said in a statement.

"The government's priority is the safety and security of every employee affected by this incident, and we are doing all we can to provide assistance to impacted employees."

Frontier Software has been handling payroll for South Australia since 2001.

On its site, the government states it "undertakes regular independent security tests and reviews" of Frontier Software.

Last month, Frontier Software was attacked on November 13 and alerted its customers to what it labelled as a "cyber incident" on November 16. It said its systems were restored on November 17.

"To date, our investigations show no evidence of any customer data being exfiltrated or stolen. Whilst the incident resulted in some of Frontier Software's Australian corporate systems being encrypted, Australian customer HR & Payroll data and systems are segmented from the corporate systems and were not compromised," it said on November 17.

On Thursday, the company sang a different tune.

"The ongoing forensic investigation and other response activities conducted by Frontier Software and CyberCX has now confirmed evidence of some data exfiltration from Frontier Software's internal Australian corporate environment," it said.

"We have not identified evidence of compromise or exfiltration outside this segmented environment.

"We have further identified that some of the data exfiltrated from our internal corporate environment relates to a small number of Frontier Software customers. We are now in the process of directly notifying these customers that they may be affected."

During November, the ABC reported Federal Group, the owners of Hobart's Wrest Point casino, had to make advance payments of AU$250 to staff due to the attack on Frontier Software.

Related Coverage

Editorial standards