Legislative Council: Tuesday, July 05, 2022


Frontier Software Cybersecurity Incident

In reply to the Hon. F. PANGALLO (18 May 2022).

The Hon. K.J. MAHER (Attorney-General, Minister for Aboriginal Affairs, Minister for Industrial Relations and Public Sector): I have been advised:

The South Australian government responds to hundreds of cybersecurity incidents each year. It is generally not advisable to comment on the specifics of individual cybersecurity incidents, unless it is in the best interests of the community.

The breach notice sets out a range of actions that the South Australian government is requiring Frontier Software to undertake in remediating its failure to adequately protect the personal information of affected current and former public sector employees, this includes implementing the recommendations made by PricewaterhouseCoopers (PwC) as part of its independent post-incident review. Frontier Software will be responsible for meeting the third-party costs incurred by the South Australian government in responding to the cyber incident.

No decision has been made on whether Frontier Software’s contract will be extended or renewed at this time. Frontier’s compliance with the requirements of the breach notice will be an important consideration in making this decision.

Government officials were not involved in any discussions between Frontier Software and the cyber criminals. The information provided by Frontier at the time was simply that a ransom demand had been made. Frontier has refused to provide any further details regarding the nature of the ransom demands or their communications with the cyber criminals.