Major state government’s payroll provider may lose license over major data breach


Share on facebook
Share on twitter
Share on linkedin

The company that provides payroll software services to the South Australian government may have its contract ripped up over a serious data breach, in what is yet another cautionary tale regarding the ferocity with which threat actors target government agencies and their providers.

As many as 80,000 South Australian government employees and contractors may have been victims of a major ransomware attack that took place late last year.

Frontier Systems, the company that provides payroll services to the South Australian government, received a breach of contract notice. In the incident, between 38,000 and up to 80,0000 SA government workers were identified as being potentially impacted as victims of the ransomware attack.

The issue came to public light as confidential government data was stolen from the payroll software service provider.

Frontier was found to be in breach of a provision in the contract to provide payroll services in a secure environment, the SA Government’s Department of Treasury and Finance declared.

Initial details were revealed in November where the cap of the number of victims having their data published online and the dark web was kept to 38,000 by the company.

But the number of potential victims and those affected later rose to 80,000 given later revision of numbers by agencies involved.

Information like names, date of birth, tax file numbers, home addresses, bank account details, employment start date, payroll period, remuneration were some among other payroll-related information published online.

Frontier Software
Frontier Software, the company at the middle of the maelstrom

This led to the temporary lockdown of the Australian Taxation Office Online accounts of the victims involved.

Once one of the company’s corporate servers was hacked by an overseas player, there was a transfer of a file from the secure government system to the Frontier system consisting of the government officials’ private information.

This was the file accessed by the hackers, as officials currently understand it.

Possible penalties could be imposed on Frontier Software for not meeting contractual requirements, with further investigation underway on what actions the government might take.

The SA Government has added that Frontier Software should be held accountable for meeting costs associated with implications of this breach of confidential information of the government, including third-party costs that arise for them.

The treasury and finance chief continued to weigh in on Frontier Software to identify other contractual breaches that may be laid upon the organisation.

A range of powers are open to the SA Government under the contract, but the incident shows two clear things:

  1. Companies need to take extreme caution with their disclosure in the moment of an incident. Gone are the days that companies could bury their heads in the sand and hope that bad news will go away, or try to suppress its extent. Eventually, the true nature of what has taken place will emerge and place organisations in a very awkward position if they are not being totally transparent.
  2. Government agencies and their vendors are constantly and unrelentingly the subject of threat actors’ actions. Their efforts are consistent and relentless, and need to be met with a corresponding level of clarity of proactive, thought-through security strategies in order to mitigate potential impacts on any organisation.
Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Emergency Assistance

Under Attack?

Please fill out the form and we will respond ASAP. Alternatively, click the button to call us now.