The State Government has now confirmed that personal information belonging to nearly 80,000 public sector employees has been exposed as a result of a cyber-attack on its external payroll software provider, Frontier Software.
On Friday, Treasurer Rob Lucas said the records of “at least 38,000 employees were accessed and up to 80,000 employees might have been accessed’’.
“The Government has since analysed data files provided by Frontier Software, which are believed to be amongst the records stolen during the data breach,” said Mr Lucas.
“On current analysis, we can now confirm that personal information belonging to nearly 80,000 public sector employees has been exposed.
“I am advised all public sector employees, except for Department of Education staff who are on a different payroll system, should assume that their personal information has been accessed during Frontier Software’s cyber-attack.
“On behalf of the Government, I once again apologise to those employees affected and will ensure they continue to be kept informed as our investigation with Frontier Software continues.”
The data accessed relates to personal information including, but not limited to, first name, last name, date of birth, tax file number, home address and bank account details.
Since learning of this data breach late last week, the State Government has taken the following action to address all potential areas of exposure, including:
- Working with the Australian Taxation Office to add additional security measures to all affected tax file numbers. These measures aim to detect fraudulent activity.
- Notifying banks and financial institutions to add additional safeguards for employees’ payroll bank accounts.
- Alerting SuperSA, the public sector employee superannuation scheme, which has put additional security checks in place for all employee accounts.
- Notifying Maxxia, the State Government’s salary sacrifice provider, which has increased its security measures for employees.
- Working with Services Australia to implement additional security measures for employees.
- Payroll Services implementing additional controls for validating changes made and/or requested to employees’ personal details, including bank account, address, email, phone numbers and deductions.
The State Government has also notified the SA Privacy Committee, Office of the Australian Information Commissioner and the Australian Federal Police.