House of Assembly - Fifty-Fifth Parliament, First Session (55-1)
2022-12-01 Daily Xml

Contents

Frontier Software Cybersecurity Incident

Mr FULBROOK (Playford) (14:47): My question is to the Treasurer. Can the Treasurer provide an update on what steps have been taken to recover costs and ensure the future security of South Australian government employee information?

The Hon. S.C. MULLIGHAN (Lee—Treasurer) (14:47): I'm grateful to the member for Playford for asking this question because it's an important question, and I'm also grateful for the opportunity to be able to make a contribution today. It's an historic day. It's not every day a former Premier is set to announce their retirement from the parliament and the commissioning of a by-election, but we look forward to that later this afternoon.

Members interjecting:

The SPEAKER: Order! The Treasurer has the call and will not engage in digression or personal reflection.

The Hon. S.C. MULLIGHAN: Members may recall that on 10 December last year, just after 2 o'clock on the Friday afternoon of that day, the former Liberal government announced publicly that there had been a cyber attack on Frontier Software, the software provider looking after the majority of the South Australian public sector payroll. As it turned out, more than 80,000 current and former state government employees had their personal details illegally accessed.

I provided an update to the house on this issue on 18 May this year, giving clarity on the actions of both the former government, in trying to rush this extraordinary information out late on a Friday afternoon towards the end of the week, but particularly the impact on the affected people, the level of data illegally accessed and the actions of the Department of Treasury and Finance dealing with the issue.

I am pleased to report that all affected employees identified as having suffered a data breach from Frontier have been directly notified now and they have had assistance provided to them. The Department of Treasury and Finance has also worked with key third parties, including the Australian Taxation Office and Super SA to mitigate the resultant identity risks.

As of Monday this week, agreement was reached with Frontier Software on a compensation amount of approximately $1.75 million to the state government from Frontier. This compensation is in recognition of the ongoing consequences and impacts of the cybersecurity incident in late 2021. It also includes the recovery of direct third-party costs incurred by the department in responding to the cyber incident in the previous financial year.

Some of this amount will be received by the state in a lump sum before the end of the calendar year, and the rest will be progressively recouped contractually through reduction in fees charged by Frontier for the provision of payroll software and services until 30 June 2024.

I am pleased to report that, since November, Frontier has made significant investment in improving its cybersecurity capability, over the last 12 months. This is including implementing 15 improvement recommendations made by CyberCX, which was engaged by Frontier in an advisory capacity following the incident.

The Department of Treasury and Finance is also working closely with Frontier to implement a number of other cybersecurity enhancements recommended by PricewaterhouseCoopers following the independent review into the data breach. These enhancements can be summarised as the eight key recommendations made by PwC requiring action by Frontier.

It is important for me to report that five of these recommendations have been addressed, including the secure deletion of all South Australian government personal information previously held on Frontier's corporate network. It is important to remind the house that this was a breach of Frontier's network not a breach of the South Australian government's payroll systems. The three remaining recommendations are expected to be resolved by the end of this calendar year.

Importantly, there are still no confirmed cases of any impacted individual suffering the consequences of identity theft or fraud as a consequence of this 2021 cyber incident.