Treasurer Rob Lucas disclosed the breach on Friday, confirming that the private and financial records of at least 38,000 employees had been viewed – with more than double potentially affected.
External state government payroll software vendor Frontier Software was hit by a major ransomware attack with the theft of “important personal information of SA government employees”, including their names, date of birth, tax file number, personal address, bank details, remuneration, pay period, start date of employment, pension contribution and amount of tax withheld.
The Civil Service Association confirmed today that it is seeking legal advice on the violation on behalf of its members, demanding that the government cover the costs of any affected employees.
Acting Secretary General Natasha Brown said Daily in a statement, the union was “very concerned about the recent serious data breach and the potential consequences for PSA members.”
“The PSA is seeking legal advice on behalf of members on their rights and options to deal with the adverse consequences that may arise from this serious data breach,” she said.
“The PSA expects the government to cover all costs to members for the adverse consequences of this serious data breach, including financial losses.
“The government must take full responsibility for the integrity of this very sensitive data.”
She said the union would write to the government after receiving a legal briefing, saying: “The government may have privatized the service – but it cannot privatize its responsibility for the sensitive personal data of our members.”
Government payroll was outsourced to Frontier Software Australia in 2002, with the company’s website highlighting its success in consolidating the data structures of multiple agencies.
“To date, Frontier Software has never missed a salary for the [Government of SA]even during the power outage of 2016, ”the site boasts.
Lucas said the government was also seeking legal advice, but was “sympathetic” to the plight of anyone financially disadvantaged – pointing out that to date there was no evidence that anyone’s accounts were being accessed. .
“At this point it’s hypothetical because we don’t know anything… we don’t know that anyone’s bank details have been hacked,” he said.
He said the institutions involved are committed to adding an extra level of security for people attempting to change their bank details.
“If someone calls and wants their bank details changed, financial institutions will ask additional questions that are not part of the data breach,” he said.
“There is a whole series of things that are done to minimize this prospect [but] in the event that there is, i’m sympathetic.
He said the government “is clearly seeking legal advice on a range of things as well to see if Frontier and their insurers have any liability for compensation” if necessary.
However, he said it was premature to consider breaking the government’s contract with its payroll service provider.
“No one can ever guarantee that you are 100% [secure], we must first establish the facts before considering the implications and consequences of what happened, ”he said.
“There is no easy process to replace [the service], the advice I have is that if we terminated them no one in the state would get paid starting next week… it’s a 20 year deal that’s been in place for a long time.
The data files consulted date back to July 2020, and anyone employed in the government patrol since then has been contacted.
Lucas last week urged staff to take their own steps to reduce the risk of their data being compromised, suggesting they contact their financial institution, monitor statements for any unauthorized transactions, and consider adding additional security, including by changing passwords and enabling two-factor authorization.
The government has also engaged the cybersecurity helpdesk IDCare to develop a specific response plan and provide personal support to affected employees.
Local news issues
Media diversity is under threat in Australia – nowhere more so than in South Australia. The state needs more than one voice to guide it, and you can help with a donation of any size to InDaily. Your contribution goes directly to helping our journalists uncover the facts. Please click below to help InDaily continue to get the facts.