This post was originally published at https://www.itnews.com.au/news/south-australian-gov-issues-breach-notice-to-hacked-payroll-provider-574782?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+Security+feed
Payroll software provider Frontier Systems has been issued with a breach of contract notice over a ransomware attack that saw the personal details of 80,000 South Australian public servants stolen.
Department of Treasury and Finance chief David Reynolds revealed the action after it emerged government data had been stolen directly from Frontier’s corporate network.
“We have issued a breach notice to Frontier for being in breach of our provision with them to provide the payroll services in a secure environment,” he told a parliamentary hearing on Monday.
The government first disclosed the extent of the data breach in November, when it said at least 38,000 employees had their records stolen and, in some cases, published on the dark web.
It later revised up this figure, putting the number of public servants affected by the breach at closer to 80,000.
Data accessed included names, dates of birth, addresses and tax file numbers, leading the Australian Taxation Office to temporarily lock people out of their ATO Online accounts.
Shedding new light on the breach on Monday, Reynolds said the data stolen in the attack was from a file that had been transferred to Frontier’s networks from the government’s payroll system.
“As we understand it, information and where matters were compromised was the information of one of their corporate servers, which was hacked by some overseas player,” he said.
“It hacked their corporate networks and, as it turned out, they had transferred a file with our staff details onto their corporate network out of our secure payroll system.
“So that file that had been transferred to their corporate network was the one that was accessed by the hacker in this instance, as we understand it.”
Reynolds added that he was not aware of any individual who had had their details compromised as a result of the data breach.
While investigations are ongoing into what action the government might take, Reynolds said penalties could be imposed on Frontier for not meeting contractual requirements.
“We certainly have provisions in there where they need to meet any costs associated with the implications of this for us, including third-party costs that arise for us in doing this,” he said.
“Outside of that, we are still working through what other potential contractual requirements we can put on them.”
Reynolds also did not rule out terminating the contract with Frontier, but said that any decision to do so would be informed by a review.
“It will be a matter to be considered once we’ve got the review,” he said.
“Of course, we need to continue to be able to provide payroll services so that… all the public servants continue to get paid.
“We need a payroll provider, so there is the question about the contract with Frontier, what we do with it and, if we were to stop using them, how we could transition to another provider.”