Up to 80,000 South Australian (SA) government workers, including potentially the Premier, may have had their personal details stolen after a major ransomware cyber attack aimed at the government’s payroll system.
“I have been advised that the records of at least 38,000 employees were accessed and that up to 80,000 employees might have been accessed,” Lucas said.
The data contained information on names, date of birth, tax file number, home address, bank account details, employment start date, payroll period, remuneration, and other payroll-related information.
SA politicians, including Premier Steven Marshall, reportedly could also be one of the victims.
“The highest of the high to the lowest of the low and all of the rest of us in between are potentially impacted,” Lucas noted, adding that the Department for Education, which does not use Frontier, was the only department not affected.
The news came after Frontier, which has been the government’s payroll provider since 2001, on the previous evening had confirmed for the first time that hackers had stolen state government data from their network, and published it on the dark web.
The treasurer added that the government was particularly concerned about employees’ home addresses and bank details being accessed, as well as the potential identity fraud, but noted there was no evidence that the information had been used.
“We can understand the concern that many of our employees have, even if that information is not being used directly to access bank accounts,” he said.
“We apologise to all South Australian Government employees affected.”
While the attack targeted information held by Frontier Software, it had not reached internal state government systems.
The incident was believed to be the biggest data breach in South Australia’s history.
“I think what we’re seeing around Australia and across the world is the extent of data breaches has become even bigger, so it’s highly likely that whatever breaches we see… will likely be, sadly, bigger than what has ever occurred before,” Lucas said.
However, he emphasised that people should “bear in mind that on a daily basis we are confronted by examples of highly secure information being accessed”.
“No one can 100 per cent guarantee that everything they do will guarantee no hacker around the world will be able to access.”
The government said it will work closely with Frontier to investigate the matter and had also partnered with cybersecurity support service IDCARE to work with employees to develop a response plan and provide personal support through the process.
Labor treasury spokesman Stephen Mullighan criticised Premier Marshall’s role in failing to protect people’s data, saying the government should explain “why a security breach that happened four weeks ago is being revealed only now”.
“This would appear to be the third serious cyber breach in a year,” Mullighan said. “What is going wrong inside the Government and protection of our data?
Employees have been encouraged to take precautionary actions such as contacting their financial institutions and monitoring statements for any unauthorised transactions, changing their passwords or adding two-factor authorisation.
They should also be alert to any emails, text messages and phone calls from people requesting personal or account information, including access to devices.
All public sector employees have been sent an email advising of the level of information that was compromised and providing information on how to access help and support.
