ALERT

River Murray flood
Where to find the latest information and advice.

Frontier Software data breach

On 14 November 2021, Frontier advised the South Australian Government that it had been the victim of a data breach. At that time Frontier publicly stated that no employee personal information had been compromised.

On 9 December 2021, contrary to Frontier’s previous statements, it was identified that significant personal information of South Australian Government employees had been stolen from Frontier’s systems.

A range of strategies have been put in place to help protect current and former public sector employees from identity risks.

A detailed independent review of the Frontier Software data breach has recently been completed. The review included confirming what data was exposed during the data breach, and making recommendations to minimise the risk of a similar event happening again.

The independent review identified additional personal information stolen from Frontier’s systems during the data breach. Communication regarding these exposures have been sent directly to impacted individuals by their last recorded postal address in the payroll system.

On this page

    What personal information was accessed?

    The data accessed relates to current and some former employees of the South Australia Government only.  For a majority of affected individuals the exposed data contains the following identifying information:

    • first name
    • last name
    • date of birth
    • department
    • tax file number
    • home address
    • bank account details
    • remuneration
    • tax withheld
    • payment type (where applicable)
    • lump sum payment type and amount - eg the total amount paid for the period, if applicable
    • superannuation contribution amount
    • reportable fringe benefits tax amount (where applicable).

    Specific communications have been sent to individuals where the data accessed is substantially different from the above.

    Based on the outcomes of the independent review, there is no evidence that any passwords, licence numbers, registration details or vaccination statuses were exposed in the Frontier Software data breach.

    Are former public sector employees affected by this data breach?

    Former employees who separated from the public sector from 1 July 2014 to 4 November 2021 have also been impacted.  A letter has been sent to all affected former public sector employees using the last recorded postal address in the payroll system.

    What action has the government taken?

    The state government has taken immediate steps to inform affected current and former public sector employees of Frontier Software’s data breach and address all potential areas of exposure, including:

    • Working with the Australian Taxation Office (ATO) to add additional security measures to all affected tax file numbers. These measures aim to detect fraudulent activity. There is nothing further you need to do with the ATO, however if you have any concerns, you may wish to contact the ATO’s specialist Client Identity Support Centre on 1800 467 033, Monday to Friday, 8:00 am to 6:00 pm.
    • Notifying banks and financial institutions to add additional safeguards for employees' payroll bank accounts, however if you have any concerns, please contact your bank directly.
    • Alerting Super SA, the public sector employee superannuation scheme, which has put additional security checks in place for all employee accounts.
    • Notifying Maxxia, the South Australian Government’s salary sacrifice provider, which has increased its security measures for employees.
    • Implementing additional controls in Payroll Services for validating changes made or requested to employees' personal details - eg bank account, address, email, phone numbers and deductions.

    The SA Privacy Committee, Office of the Australian Information Commissioner, South Australia Police, the Australian Cyber Security Centre and the Australian Federal Police were notified of the incident.

    What should I do?

    There are some simple steps you can take to reduce your risk of fraudulent activity:

    • Keep a close eye on banking and superannuation accounts.
    • Protect accounts with multi-factor authentication.
    • Be alert to any emails, text messages or unsolicited calls from people requesting personal or account information, including access to devices. Do not respond to any requests until you have made your own enquiries with the organisation they claim to be from.
    • If you are a current public sector employee, periodically review your personal payroll details and salary deductions via the HR21 Employee and Manager self-service portal.
    • Use complex passwords on all services.

    If you observe any anomalies or suspicious activity, report it to:

    In addition, the Government of South Australia has partnered with cybersecurity support service, IDCARE, who can offer employees additional advice for specific concerns relating to your personal information – at no cost to employees.

    If you wish to speak with an IDCARE case manager, please book a preferred time by completing an online Get Help form at www.idcare.org or call 08 7078 7741 (Monday to Friday, 8:30 am to 5:30 pm ACDT). When engaging IDCARE use the referral code FSSA22.

    Employees can engage with IDCARE and any other support you need during work time to protect your personal information.

    Who is IDCARE?

    IDCARE is a not-for-profit charity that connects the community to identity and cyber security case managers who listen and provide advice on how to respond to data breaches, scams, identity theft and cyber security concerns.

    How can IDCARE help me?

    In addition to providing specific responses to any technical questions you may have, IDCARE can help you understand:

    • What are the potential risks to me?
    • What can I do about this?
    • How long do any preventative measures have to be in place?
    • Who are the criminals and what can they do with my information?

    Have the state government's systems been compromised?

    No, Frontier Software’s corporate systems were compromised. Frontier Software is an external supplier to the state government.

    Why does Frontier Software have my personal employee information?

    Frontier Software has been providing payroll software and related services to the Government of South Australia since 2001.

    All organisations providing payroll services require access to personal information in order to make salary payments and meet Australian Taxation Office reporting obligations.

    Frontier Software is required to comply with a range of contractual and legislative requirements regarding the protection of personal information provided to it by the Government of South Australia.

    What steps did the government take to ensure that data was protected by Frontier Software?

    The state government's contract with Frontier Software includes clear obligations to protect personal information and meet all applicable government security and privacy standards.

    The Government of South Australia undertakes regular independent security tests and reviews of Frontier Software's systems.

    Will I be informed if my personal information has been compromised?

    All current public sector employees who commenced prior to 4 November 2021, except for Department for Education staff, should assume that your personal information has been accessed during Frontier Software's data breach.

    Former employees who separated from the public sector from 1 July 2014 to 4 November 2021 have also been affected.  A letter has been sent to all affected former public sector employees using the last recorded postal address in the payroll system.

    We have urged all affected current and former public sector employees to take immediate steps to reduce their risk of fraudulent activities.

    Have you informed the Australian Taxation Office?

    We have reported this incident to the Australian Taxation Office (ATO). The ATO has processes for the management of data breaches and take measures to protect citizens from fraud.

    There are no further steps you need to take with the ATO, however, if you have any concerns you may wish to contact the ATO’s specialist Client Identity Support Centre on 1800 467 033 Monday to Friday 8:00 am to 6:00 pm.

    More information is available on the ATO website

    Why aren’t Department for Education employees affected?

    The Department for Education does not use Frontier Software for payroll services.

    Department for Education employees previously employed within another area of the Government of South Australia between 1 July 2014 and 4 November 2021 may have been affected.

    Will the state government continue to use Frontier Software?

    The state government’s initial focus has been on supporting current and former employees affected by the data breach on Frontier Software’s systems.

    A default notice has been issued to Frontier Software regarding its failure to adequately protect the personal information of public sector employees.

    Have the banks been notified of this incident?

    Yes, banks and financial institutions have been notified and have taken steps to protect employees of the Government of South Australia. If you have any concerns, you may wish to contact your financial institution.

    Which superannuation funds have been notified of this incident?

    The following superannuation funds have been notified:

    • Super SA, the government’s primary superannuation provider
    • Commonwealth Superannuation Corporation
    • Mercer, the superannuation provider for the SA Metropolitan Fire Service.

    If you are with another superannuation fund, you should contact them directly to discuss any security concerns.

    What is Super SA doing in response to this incident?

    Super SA has strong controls in place to mitigate the risk of fraud. To provide further protection Super SA has immediately applied additional security controls and checks to member accounts.

    If you contact Super SA you may be asked additional questions, asked to provide extra proof of identity documents, or be sent a unique code to identify you as the account holder when accessing your account.

    Members can request that a password be applied to their account by phoning Member Services on 1300 369 315 or by visiting the Member Centre at 151 Pirie Street, Adelaide.

    What support is available for high-risk or vulnerable people - eg victims of domestic violence?

    The Government of South Australia has partnered with cybersecurity support service, IDCARE, to support employees with a specific response plan and provide personal support throughout the process – at no cost to employees.

    IDCARE is highly experienced in supporting high-risk and vulnerable people with matters of this kind.

    Anyone affected by this incident, but particularly high risk and vulnerable persons can speak to one of their case managers by booking a preferred time by completing an online ‘Get Help’ form at www.idcare.org or call 08 7078 7741 (Monday to Friday, 8:30 am to 5:30 pm ACDT). When engaging IDCARE, employees should use the referral code FSSA22.

    What should I do if I see unusual activity on my financial account?

    Monitor your financial accounts for unauthorised transactions and unusual activity. If you identify anything of concern, contact your financial institutions as soon as possible.

    Financial institutions can provide advice on the actions that will be taken to identify and investigate unauthorised transactions and unusual activity.

    The Government of South Australia has partnered with cybersecurity support service, IDCARE, who can develop a specific response plan and provide personal support throughout the process – at no cost to employees.

    Will my access to perform online ATO services via MyGov be impacted?

    Where your superannuation account details have been exposed as part of the Frontier data breach, the safeguards implemented by the ATO to protect you, may include restricting access to perform online ATO services (eg tax return lodgement) using MyGov. If you experience this issue, please contact the ATO’s Client Identity Support Centre on 1800 467 033 Monday to Friday 8:00 am to 6:00 pm AEST.


    Was this page useful?

    Thanks for contributing - your feedback helps us improve this website.


    Page last updated 18 May 2022

    Provided by:
    Department of the Premier and Cabinet
    URL:
    https://www.sa.gov.au/topics/emergencies-and-safety/types/cyber-security/frontier-software-data-breach
    Last Updated:
    18/05/22
    Printed on:
    10/12/22
    Copyright statement:
    SA.GOV.AU is licensed under a Creative Commons Attribution 4.0 Licence. © Copyright 2022
    Close