The company that provides payroll software services to the South Australian government may have its contract ripped up over a serious data breach, in what is yet another cautionary tale regarding the ferocity with which threat actors target government agencies and their providers.
As many as 80,000 South Australian government employees and contractors may have been victims of a major ransomware attack that took place late last year.
Frontier Systems, the company that provides payroll services to the South Australian government, received a breach of contract notice. In the incident, between 38,000 and up to 80,0000 SA government workers were identified as being potentially impacted as victims of the ransomware attack.
The issue came to public light as confidential government data was stolen from the payroll software service provider.
Frontier was found to be in breach of a provision in the contract to provide payroll services in a secure environment, the SA Government’s Department of Treasury and Finance declared.
Initial details were revealed in November where the cap of the number of victims having their data published online and the dark web was kept to 38,000 by the company.
But the number of potential victims and those affected later rose to 80,000 given later revision of numbers by agencies involved.
Information like names, date of birth, tax file numbers, home addresses, bank account details, employment start date, payroll period, remuneration were some among other payroll-related information published online.
This led to the temporary lockdown of the Australian Taxation Office Online accounts of the victims involved.
Once one of the company’s corporate servers was hacked by an overseas player, there was a transfer of a file from the secure government system to the Frontier system consisting of the government officials’ private information.
This was the file accessed by the hackers, as officials currently understand it.
Possible penalties could be imposed on Frontier Software for not meeting contractual requirements, with further investigation underway on what actions the government might take.
The SA Government has added that Frontier Software should be held accountable for meeting costs associated with implications of this breach of confidential information of the government, including third-party costs that arise for them.
The treasury and finance chief continued to weigh in on Frontier Software to identify other contractual breaches that may be laid upon the organisation.
A range of powers are open to the SA Government under the contract, but the incident shows two clear things:
- Companies need to take extreme caution with their disclosure in the moment of an incident. Gone are the days that companies could bury their heads in the sand and hope that bad news will go away, or try to suppress its extent. Eventually, the true nature of what has taken place will emerge and place organisations in a very awkward position if they are not being totally transparent.
- Government agencies and their vendors are constantly and unrelentingly the subject of threat actors’ actions. Their efforts are consistent and relentless, and need to be met with a corresponding level of clarity of proactive, thought-through security strategies in order to mitigate potential impacts on any organisation.