House of Assembly Fifty-Fifth Parliament Parliament, First Session (55-1) 55 1 Parliament of South Australia House of Assembly published Ministerial Statement Ministerial Statement Frontier Software Cybersecurity Incident Frontier Software Cybersecurity Incident The Hon. S.C. MULLIGHAN House of Assembly Lee The Hon. S.C. MULLIGHAN (Lee—Treasurer) (14:01): I seek leave to make a ministerial statement. Leave granted. The Hon. S.C. MULLIGHAN House of Assembly The Hon. S.C. MULLIGHAN: On 10 December last year, the former Liberal government publicly announced that Frontier Software had been the victim of a ransomware cyber attack, with significant personal information of approximately 80,000 state government employees illegally accessed. Frontier Software is an external payroll software provider for the majority of state government employees and has held its contract with the state government since 2001. On coming to government, I asked Treasury to provide me advice on this incident and the steps being taken since this incident occurred. I am advised the former government was first formally made aware of this ransomware-based cyber attack on 14 November 2021. I am advised that at first Frontier did not believe SA government payroll data had been accessed. Frontier's servers had been compromised, and I am advised it took until Wednesday 8 December 2021 to advise government that it had confirmed state government payroll data had indeed been accessed. Frontier advised the government that it had inappropriately stored government payroll data on its own servers, contrary to its contract with the state government. The attack was perpetrated by an overseas criminal organisation on Frontier's network, and this data, amongst others, was accessed. After accessing this information, the perpetrators deployed ransomware to Frontier's systems and posted some of the files to the dark web. Thankfully, following engagement by Frontier, the files were only accessible for less than 24 hours on the dark web. There is no information regarding any ransom which may have been paid or how Frontier managed engagement with the overseas cyber criminals in relation to this attack. The state government payroll information accessed by this organisation belonged to both current and former public servants, containing personal information. While different groups of employees had varying levels of data stored by Frontier and illegally accessed, the type of information included employees' tax file number; first name; last name; date of birth; employee number; home address and emergency contact information; email address and phone numbers; Australian Taxation Office payment summaries; bank account information; superannuation details; salary related information, including allowances and deductions; training and education history; and employee diversity information. The former Treasurer publicly announced this cyber attack at approximately 2pm Friday afternoon on 10 December 2021, two days after it was notified by Frontier that employees' information had in fact been accessed. This announcement occurred in conjunction with an email to public servants. It occurs to me the timing of the former government's announcement serves to minimise media scrutiny and also had the unfortunate consequence of reducing the ability of employees to make inquiries about the incident. Treasury has engaged PricewaterhouseCoopers to undertake a forensic review of this incident. I can now advise the house that these formal investigations of the relevant facts and impacts are now complete. The estimated cost of this PwC review was $420,000, agreed by the former government. I am advised the cost to the South Australian government managing this process may exceed three-quarters of a million dollars by June this year. This PricewaterhouseCoopers review identified that there were a further 13,088 individuals who had personal information stolen in this attack and did not receive any targeted communication from the state government in 2021. These individuals were a mixture of former and current employees of South Australia Police, Metropolitan Fire Service, Department for Infrastructure and Transport and state government executives and board members. Now that the review has been completed, direct communications and updated material for those past and current employees impacted have been provided. These communications occurred this week, commencing on Monday 16 May 2022. The Malinauskas Labor government is taking action on these important issues and will not delay advising employees like the former government. I am informed Frontier Software has developed additional security measures within its systems. A formal breach notice has been issued by the government to Frontier regarding its failure to adequately protect the information it holds for the South Australian government employees. State government employees have been concerned about their personal information being accessed and have suffered direct impacts from this cybersecurity incident. In excess of 3,000 individual employees have accessed a cybersecurity support service put in place to assist victims of the data breach, with many of them being locked out from accessing important services such as the online Australian Taxation Office or superannuation record systems because of this incident. Now that the final report from the formal investigations has concluded, this government is committed to ensuring all affected employees will continue to be directly notified. I will update the house in the future on the steps being taken to recover costs from Frontier and ensure the future security of South Australian government employee information.