The personal details of up to 80,000 employees have been leaked following a breach of the government’s external payroll software.
South Australian Premier Steven Marshall is among 38,000-80,000 employees with personal information exposed as a result of a ransomware attack on external payroll software provider Frontier Software.
According to the SA government, the personal information includes names, dates of birth, tax file numbers, home addresses, bank account details, remuneration and superannuation contributions.
The information has reportedly been published on the dark web.
"The highest of the high to the lowest of the low and all of the rest of us in between are potentially impacted, with the exception of teachers and the Department for Education," Treasurer Rob Lucas told the ABC.
The breach is currently under investigation, with the government offering support to affected employees.
"This is obviously of great concern to the government," Treasurer Lucas added.
"… As soon as we've been able to get information together, provide accurate information to our employees, we've done so."
Lucas said no evidence has emerged indicating the personal information had been exploited.
Reacting to the news, Shaun Witherden, senior channel manager at Datto, noted the importance of considering the security protocols of third parties before onboarding their software.
“As organisations become more reliant on SaaS products, it’s crucial when making purchasing decisions to consider potential SaaS providers’ security posture and practices, as it can and will have direct impacts on their customers when they suffer outages due to cyber incidents,” Witherden said.
“SaaS providers should ensure they have practices in place to protect against permanent data loss and quickly recover from cyber incidents.
“By adopting a shared responsibility model, SaaS providers can enable business continuity, while ensuring compliance and meeting security requirements.”
Aaron Bugal, global solutions engineer APJ at Sophos, said this latest breach highlights the need for organisations to prioritise supply chain security.
“It is not enough for organisations to just focus on their own security infrastructure; they must understand and have confidence in the security of their entire supply chain,” Bugal said.
“Regardless of whether supply chains exist in physical or digital channels, they must be included within risk modelling and incorporated into an incident response plan, as they are an extension to the business.
“Attackers are increasingly using an organisation’s supply chain partners to gain access to confidential and sensitive information, particularly if they identify a weak link. As such, it’s imperative organisations are working closely with their supply chains to understand the security of businesses they collaborate with and work together to address vulnerabilities.”
News Editor – Defence and Security, Momentum Media
Prior to joining the defence and aerospace team in 2020, Charbel was news editor of The Adviser and Mortgage Business, where he covered developments in the banking and financial services sector for three years. Charbel has a keen interest in geopolitics and international relations, graduating from the University of Notre Dame with a double major in politics and journalism. Charbel has also completed internships with The Australian Department of Communications and the Arts and public relations agency Fifty Acres