80,000 Australian government employees impacted by ransomware attack on Frontier Software

On Thursday 9th of December 2021, South Australian government disclosed that the sensitive personal information belonging to up to 80,000 Australian government employees have been compromised following a ransomware attack that targeted the systems of Frontier Software who are responsible for the South Australian government’s payroll software.

“The ongoing forensic investigation and other response activities conducted by Frontier Software and CyberCX has now confirmed evidence of some data exfiltration from Frontier Software’s internal Australian corporate environment,” – Frontier Software

Frontier Software have stated that the incident did not affect any of their client systems via their products and that the data exfiltration affected a particular segment of their systems. The only public department that wasn’t affected by the incident was the Department for Education as they don’t use Frontier products. The data that has been compromised according to the South Australian government includes:

• First name
• Last name
• Date of birth
• Tax file number
• Home address
• Bank account details
• Employment start date
• Payroll period
• Remuneration
• Tax withheld
• Payment type
• Lump-sum payment type and amount
• Superannuation contribution
• Reportable fringe benefits tax amount

The Conti ransomware gang are believed to be responsible for the incident as they released a posting to their leak site, although it has been removed since which could be an indication that the negotiations have ended. The recommended steps are all affected government employees are advised to keep a lookout for strange emails or SMS texts and that everyone should reset their passwords and activate two-factor authentication where possible. It has also been recommended that the affected individuals should closely monitor bank statements and account activity and report any suspicious transactions to the authorities.