Frontier Software data breach

The Government of South Australia was recently informed by its external payroll software provider, Frontier Software, that it was the victim of a ransomware cyber-attack directed at Frontier Software.

On 9 December 2021, the state government confirmed that significant personal information of Government of South Australia employees had been stolen from Frontier’s systems.

This came after Frontier on the previous evening confirmed for the first time that some state government data had been stolen from their network, and published on the dark web.

Data files since provided by Frontier Software, which are believed to be amongst the records stolen during the data breach, have been analysed and it has been confirmed that personal information belonging to nearly 80,000 public sector employees has been exposed.

All public sector employees, except for Department for Education staff, should assume that your personal information has been accessed during the cyber-attack on Frontier Software's systems.

    What personal information was accessed?

    The data accessed relates to employees of the Government of South Australia only and contains the following identifying information:

    • First name
    • Last name
    • Date of birth
    • Department
    • Tax file number
    • Home address
    • Bank account details
    • Remuneration
    • Tax withheld
    • Payment type (where applicable)
    • Lump sum payment type and amount - eg the total amount paid for the period, if applicable
    • Superannuation contribution
    • Reportable fringe benefits tax amount (where applicable).

    Based on what we know now, no passwords, licence numbers, registration details or vaccination statuses were exposed in the Frontier Software data breach.

    Are former public sector employees affected by this data breach?

    All public sector employees, including former employees who separated from the public sector between 1 July 2020 and 4 November 2021 (except for Department for Education staff), should assume that your personal information has been accessed during Frontier Software's ransomware cyber-attack.

    What action has the government taken?

    The state government has taken immediate steps to inform public sector employees and people on the state government's payroll of Frontier Software’s ransomware cyber-attack and address all potential areas of exposure, including:

    • Working with the Australian Taxation Office (ATO) to add additional security measures to all affected tax file numbers. These measures aim to detect fraudulent activity. There is nothing further you need to do with the ATO; however, if you have any concerns, you may wish to contact the ATO’s specialist Client Identity Support Centre on 1800 467 033, Monday to Friday, 8:00 am to 6:00 pm.
    • Notifying banks and financial institutions to add additional safeguards for employees' payroll bank accounts. There is nothing further you need to do with your bank; however, if you have any concerns, please contact your bank directly.
    • Alerting Super SA, the public sector employee superannuation scheme, which has put additional security checks in place for all employee accounts.
    • Notifying Maxxia, the South Australian Government’s salary sacrifice provider, which has increased its security measures for employees.
    • Working with Services Australia to implement additional security measures for employees.
    • Payroll Services implementing additional controls for validating changes made or requested to employees' personal details - eg bank account, address, email, phone numbers and deductions.

    The SA Privacy Committee, Office of the Australian Information Commissioner, South Australia Police, the Australian Cyber Security Centre and the Australian Federal Police have also been notified.

    What should I do?

    There are some simple steps you can take to reduce your risk of fraudulent activity:

    • Keep a close eye on banking and superannuation accounts.
    • Protect accounts with multi-factor authentication.
    • Be alert to any emails, text messages or unsolicited calls from people requesting personal or account information, including access to devices – do not respond to any requests until you have made your own enquiries with the organisation they claim to be from.
    • Periodically review your personal payroll details and salary deductions via the HR21 Employee and Manager self-service portal.
    • Use complex passwords on all services.

    If you observe any anomalies or suspicious activity, report it to:

    In addition, the Government of South Australia has partnered with cybersecurity support service, IDCARE, who can offer employees additional advice for specific concerns relating to your personal information – at no cost to employees.

    If you wish to speak with an IDCARE case manager, please book a preferred time by completing an online Get Help form at www.idcare.org or call 08 7078 7741 (Monday to Friday, 8:30 am to 5:30 pm ACDT). When engaging IDCARE use the referral code FSSA22.

    Employees can engage with IDCARE and any other support you need during worktime to protect your personal information.

    Who is IDCARE?

    IDCARE is a not-for-profit charity that connects the community to identity and cyber security case managers who listen and provide advice on how to respond to data breaches, scams, identity theft and cyber security concerns.

    How can IDCARE help me?

    In addition to providing specific responses to any technical questions you may have, IDCARE can help you understand:

    • what are the potential risks to me?
    • what can I do about this?
    • how long do any preventative measures have to be in place?
    • who are the criminals and what can they do with my information?

    Does IDCARE have my personal information?

    No, IDCARE is a support service that provides independent specialist advice in response to data breaches, scams, identity theft and cyber security concerns, but does not have access to any personal or identifying information.

    Have the state government's systems been compromised?

    No, Frontier Software corporate systems were compromised. Frontier Software is an external supplier to the state government.

    Why does Frontier Software have my personal employee information?

    Frontier Software has been providing payroll services to the Government of South Australia since 2001.

    All organisations providing payroll services require access to personal information in order to make salary payments and meet Australian Taxation Office reporting obligations.

    Frontier Software is required to comply with a range of contractual and legislative requirements regarding the protection of personal information provided to it by the Government of South Australia.

    Are employee pay runs impacted?

    No, the state government is operating business as usual, with standard payroll processing service levels and timeframes.

    What steps did the government take to ensure that data was protected by Frontier Software?

    The state government's contract with Frontier Software includes a requirement to meet government security and privacy standards.

    The Government of South Australia undertakes regular independent security tests and reviews of Frontier Software's systems.

    When did the government find out my data was breached?

    The Government of South Australia's Office for Cyber Security became aware of Frontier Software's ransomware cyber-attack on 14 November 2021. Frontier Software advised at this time that no government payroll data had been compromised.

    On 9 December 2021, the state government confirmed that significant personal information of Government of South Australia employees had been stolen from Frontier's systems.

    On 14 December 2021, the state government confirmed that personal information belonging to nearly 80,000 public sector employees has been exposed.

    Will I be informed if my personal information has been compromised?

    Personal information belonging to nearly 80,000 public sector employees has been exposed. All public sector employees, except for Department for Education staff, should assume that your personal information has been accessed during Frontier Software's ransomware cyber-attack.

    Former employees who separated from the public sector between 1 July 2020 and 4 November 2021 will be informed of the Frontier Software data breach.

    We have urged all employees to take immediate steps to reduce their risk of fraudulent activities.

    Have you informed the Australian Taxation Office?

    We have reported this incident to the Australian Taxation Office (ATO) so that additional security measures can be added to your tax file number. These measures aim to detect fraudulent activity.

    The ATO has placed safeguards on ATO accounts that they have identified may be associated with the Frontier cyber incident. This does not mean those ATO accounts have been compromised. The ATO continue to work with Frontier and are still investigating the matter to confirm details of the breach. Once this investigation has finished the ATO will reassess the safeguards in place.

    There is nothing further you need to do with the ATO. If you have any concerns you may wish to contact the ATO’s specialist Client Identity Support Centre on 1800 467 033 Monday to Friday 8:00 am to 6:00 pm.

    More information is available on the ATO website.

    Why aren’t Department for Education employees affected?

    The Department for Education does not use Frontier Software for payroll services.

    Department for Education employees previously employed within another area of the Government of South Australia between 1 July 2020 and 4 November 2021 may have been affected. Please consider the advice provided.

    Will the state government continue to use Frontier Software?

    Right now the priority is the security of employees affected by this incident and helping them to access support.

    The state government is working very closely with Frontier Software to investigate how this incident occurred. We need to understand this first.

    Have the banks been notified of this incident?

    Yes, banks and financial institutions have been notified and are actively taking steps to protect employees of the Government of South Australia. If you have any concerns, you may wish to contact your financial institution.

    Which superannuation funds have been notified of this incident?

    The following superannuation funds have been notified:

    • Super SA, the government’s primary superannuation provider
    • Commonwealth Superannuation Corporation
    • Mercer, the superannuation provider for the SA Metropolitan Fire Service.

    If you are with another superannuation fund, you should contact them directly to discuss any security concerns.

    What is Super SA doing in response to this incident?

    Super SA has strong controls in place to mitigate the risk of fraud. To provide further protection Super SA has immediately applied additional security controls and checks to member accounts.

    If you contact Super SA you may be asked additional questions, asked to provide extra proof of identity documents, or be sent a unique code to identify you as the account holder when accessing your account.

    Members can request that a password be applied to their account by phoning Member Services on 1300 369 315 or by visiting the Member Centre at 151 Pirie Street, Adelaide.

    What support is available for high-risk or vulnerable people - eg victims of domestic violence?

    The Government of South Australia has partnered with cybersecurity support service, IDCARE, to support employees with a specific response plan and provide personal support throughout the process – at no cost to employees.

    IDCARE is highly experienced in supporting high-risk and vulnerable people with matters of this kind.

    Anyone affected by this incident, but particularly high-risk and vulnerable persons, can speak to one of IDCARE's case managers by booking a preferred time through the online ‘Get Help’ form at www.idcare.org or by calling 08 7078 7741 (Monday to Friday, 8:30 am to 5:30 pm ACDT). When engaging IDCARE, employees should use the referral code FSSA22.

    I get reimbursed by the government for training or taxi reimbursements, has that been affected?

    No, the breach relates to Frontier Software's Chris21 system only, and these training or taxi reimbursements are not held in Chris21.

    What should I do if I see unusual activity on my financial account?

    Monitor your financial accounts for unauthorised transactions and unusual activity. If you identify anything of concern, contact your financial institutions as soon as possible.

    Financial institutions can provide advice on the actions that will be taken to identify and investigate unauthorised transactions and unusual activity.

    The Government of South Australia has partnered with cybersecurity support service, IDCARE, who can develop a specific response plan and provide personal support throughout the process – at no cost to employees.



    Page last updated 11 January 2022

    Provided by:
    Department of the Premier and Cabinet
    URL:
    https://www.sa.gov.au/topics/emergencies-and-safety/types/cyber-security/frontier-software-data-breach
    Copyright statement:
    SA.GOV.AU is licensed under a Creative Commons Attribution 4.0 Licence. © Copyright 2022