Legislative Council - Fifty-Fifth Parliament, First Session (55-1)
2022-05-18 Daily Xml

Contents

Frontier Software Cybersecurity Incident

The Hon. F. PANGALLO (15:01): I seek leave to make a brief explanation before—

Members interjecting:

The PRESIDENT: Order! Respect.

The Hon. F. PANGALLO: It's actually on the run, this one, so you may have to put the timer on.

The PRESIDENT: Don't let them put you off. The Hon. Mr Pangallo, please continue.

The Hon. F. PANGALLO: I seek leave to make a brief explanation before asking the Attorney-General, representing the Treasurer, a question about Frontier cybersecurity.

Leave granted.

The Hon. F. PANGALLO: Today, the Treasurer has tabled a ministerial statement in relation to the Frontier cybersecurity incident in November 2021, where a criminal organisation was said to have gained significant personal information of almost 80,000 state government employees, and a review was ordered by the previous Treasurer, the Hon. Rob Lucas, which was conducted by PwC.

The Treasurer today has outlined some of the findings of that review, and it appears that on top of the 80,000 government employees that had information illegally accessed there were a further 13,000 individuals whose details were accessed. In his statement, the Treasurer says:

Frontier advised the government that it had inappropriately stored government payroll data on its own servers, contrary to its contract with the state government.

And:

The estimated cost of this PwC review was $420,000…

The Treasurer advises that the cost to the South Australian government managing this process may exceed three-quarters of a million dollars by June 2022. The questions to the Treasurer are:

1. What does the issuing of a breach notice actually mean in the context of these findings to Frontier cybersecurity?

2. Who will be responsible for the costs of the review, which are now estimated to be close to three-quarters of a million dollars? Will it be taxpayers or Frontier security?

3. Will Frontier's security contract be extended or renewed?

4. Have there been other cybersecurity attacks since this one on other government agencies?

5. What were the demands that were made at the time of the attack to Frontier security by the criminal organisation that was involved?

The Hon. K.J. MAHER (Attorney-General, Minister for Aboriginal Affairs, Minister for Industrial Relations and Public Sector) (15:04): I thank the honourable member for what was a brief explanation and quite a number of questions, and I will refer those on to the Treasurer in another place and bring back a reply for him.