Legislative Council - Fifty-Fifth Parliament, First Session (55-1)
2023-11-02 Daily Xml

Contents

Super SA Cybersecurity Incident

The Hon. H.M. GIROLAMO (14:51): I seek leave to give a brief explanation before asking a question of the Minister for Industrial Relations and Public Sector on cybersecurity.

Leave granted.

The Hon. H.M. GIROLAMO: On 12 October, 14,000 Super SA members were notified that their personal, private data had been hacked some two months prior. Further on this, the Budget and Finance Committee was advised on Monday 23 October that this data had in fact ended up on the dark web. My questions to the minister are:

1. When was the minister advised of the Super SA cybersecurity breach?

2. What course of action did the minister take?

3. As the minister responsible for the public sector and servants, what has he done to ensure public servants' data is protected?

4. What new initiatives or support has been provided to protect the hundreds of thousands of South Australian public servants' data?

The Hon. K.J. MAHER (Minister for Aboriginal Affairs, Attorney-General, Minister for Industrial Relations and Public Sector) (14:52): I thank the honourable member for her questions. I am pleased to be able to report, for the honourable member and for the benefit of the council, that on 18 August 2023 the cybersecurity directorate, the CSD within the Department of the Premier and Cabinet, identified that a third-party call centre provider had been impacted by a potential cyber attack.

The Treasurer, the Hon. Stephen Mullighan, in another place has made public statements about the impact on Super SA data, for which he is responsible—that is, Super SA—and I am advised that Super SA has made information available, including through its website. The cybersecurity directorate within the Department of the Premier and Cabinet is managing the breach response on behalf of other impacted SA government agencies. The cybersecurity directorate, I am informed, notified the Privacy Committee of South Australia on 25 September 2023 in accordance with the government's personal information data breaches guideline.

If there are any further questions, given that Super SA—the impacted agency—resides within the responsibility of the Treasurer and the cybersecurity directorate is within the Department of the Premier and Cabinet, I can certainly get further and better particulars for the honourable member, but I am pleased to be able to bring that information to her.