The South Australian Government has confirmed up to 80,000 digital employee records have been stolen following a breach of its payroll software systems in November, more than doubling an initial estimate made last week.
The Government last Friday revealed at least 38,000 records from government employees had been accessed in a cyber-attack on Frontier Software, a third-party payroll systems provider used by most SA state agencies and departments.
However, on Tuesday, the state’s Treasurer Rob Lucas confirmed that up to 80,000 employee records were stolen in the attack and subsequently published on the dark web.
Personal details including – but not limited to – first and last names, tax file numbers, bank accounts and home addresses were captured by hackers during the breach incident.
While the investigation remains ongoing, the breach, which occurred on 13 November and was delivered via ransomware, was reportedly executed by Russian hackers.
Frontier said it had restored safe system access to all Australian-hosted customer systems impacted by the breach on 17 November, four days after the initial intrusion.
SA Government employees (with the exception of those at the Department of Education who were not subject to the hack) were advised to assume their personal information had been stolen.
Frontier Software has been the South Australian Government’s payroll software provider since 2001.
The company said the breach was limited to its “internal Australian corporate environment”, with no “evidence of compromise or exfiltration outside this segmented environment”.
Frontier Software Australia’s chief executive Nick Southcombe confirmed it was the company’s “first such cyber incident… ever experienced”.
“We are committed to learning from this experience and implementing all necessary cybersecurity measures to minimise the likelihood of an incident occurring in future,” Southcombe said.
SA Treasurer Lucas said the Government was “deeply disappointed” by the breach and is “working closely with Frontier Software to investigate how this incident happened”.
The Government has advised impacted employees to change passwords, add two-factor authentication to their accounts, and contact their financial institutions immediately if unauthorised transactions are detected.
In addition, the Government said employees can work with its breach support partner IDCARE “to develop a specific response plan and provide personal support throughout the process”.
The Government said it had contacted public sector employees via email with details of the breach and information for further help and support.
The SA Privacy Committee, Office of the Australian Information Commissioner, and the Australian Federal Police have been notified about the incident.