The South Australian government has disclosed that the sensitive personal information belonging to tens of thousands of its employees was compromised following a ransomware attack that hit the system of an external payroll software provider last month.
The number of records accessed by hackers corresponds to at least 38,000 SA government employees, but it could be as high as 80,000 according to South Australia’s Treasurer Rob Lucas.
The company behind this data breach is Frontier Software, which suffered a ransomware attack on November 13, 2021.
According to the company’s statement on the incident, the threat didn’t pivot to client systems through their products and the data exfiltration only affected a specific segmented environment.
“The ongoing forensic investigation and other response activities conducted by Frontier Software and CyberCX has now confirmed evidence of some data exfiltration from Frontier Software’s internal Australian corporate environment,” the company said.
“We have not identified evidence of compromise or exfiltration outside this segmented environment.”
The only public entity that wasn’t affected by the incident is the Department for Education, which does not use Frontier products.
“The highest of the high to the lowest of the low and all of the rest of us in between are potentially impacted, with the exception of teachers and the Department for Education,” Lucas told ABC News after disclosing the data breach.
“Having the bank account details doesn’t give you access to the bank account, but it’s the first step in trying to crack a code in terms of passwords.
“We expect the state government to take all possible steps to review its cyber security measures in order to prevent such an event in the future.”
Government employees affected by this incident are advised to treat incoming emails, calls, and SMS with caution. Additionally, everyone should reset their passwords and activate two-factor authentication where possible.
Affected individuals should closely monitor bank statements and account activity and report any suspicious transactions to the authorities. They can also take advantage of a free IDCARE cyber-security support service by following the instructions laid out in the incident announcement on the SA government website.
Conti ransomware behind the breach
Bleeping Computer has seen an announcement on Conti ransomware’s data leak portal dated November 16, 2021, which matches the attack details shared by Frontier Software in their statement.
However, the listing has since been removed from the portal, which probably means the negotiations have ended.