The Department of the Premier and Cabinet (DPC) has released information to support the 90,000-plus South Australian Public Servants affected by last year’s Frontier Software data breach.
Speaking in Parliament last week, Treasurer, Stephen Mullighan said a forensic review uncovered that a further 13,088 Public Service staff had had personal information stolen in the attack (in addition to the 80,000 employees announced last year) but did not receive any notification from the State Government.
Issuing its advice to the PS, DPC said all Public Sector employees, except for Department for Education staff, should assume that their personal information had been accessed during the data breach.
It said the information stolen about Public Servants included first name; last name; date of birth; Department; tax file number; home address; bank account details; remuneration; tax withheld; payment type (where applicable); lump sum payment type and amount – e.g. the total amount paid for the period, if applicable; superannuation contribution amount; and reportable fringe benefits tax amount (where applicable).
DPC said specific communications had been sent to individuals where the data accessed were substantially different from the above.
“Based on the outcomes of the independent review, there is no evidence that any passwords, licence numbers, registration details or vaccination statuses were exposed in the Frontier Software data breach,” the Department said.
It said former employees who separated from the Public Sector from 1 July 2014 to 4 November 2021 had also been impacted.
It said that as the Department for Education did not use Frontier Software for payroll services its staff were not affected, however, employees previously employed within another area of the Government of South Australia between 1 July 2014 and 4 November 2021 may have been.
“A range of strategies have been put in place to help protect current and former public sector employees from identity risks,” it said.
DPC said the measures included working with the Australian Taxation Office (ATO) to add additional security measures to all affected tax file numbers; notifying banks and financial institutions to add additional safeguards for employees’ payroll bank accounts; alerting Super SA which has put additional security checks in place for all employee accounts; notifying Maxxia, the South Australian Government’s salary sacrifice provider, which has increased its security measures for employees; and implementing additional controls in Payroll Services for validating changes made or requested to employees’ personal details.
“In addition, the Government of South Australia has partnered with cybersecurity support service, IDCARE, who can offer employees additional advice for specific concerns relating to your personal information – at no cost to employees,” it said.
It said to speak with an IDCARE case manager, book a preferred time by completing an online Get Help form at www.idcare.org or call 08 7078 7741.
DPC said that to reduce the risk of fraudulent activity, public service personnel should keep a close eye on banking and superannuation accounts; protect accounts with multi-factor authentication; be alert to any emails, text messages or unsolicited calls from people requesting personal or account information, including access to devices; periodically review personal payroll details and salary deductions; and use complex passwords on all services.
