PS data breach calls for security action

by John J. Williams

The Department of the Premier and Cabinet (DPC) has released information in support of the more than 90,000 South Australian officials affected by Frontier Software’s data breach last year.

Treasurer Stephen Mullighan said in parliament last week that a forensic investigation revealed that an additional 13,088 public service employees had personal information stolen in the attack (in addition to the 80,000 employees announced the previous year), but no report of the attack—State government.

DPC advised the PS that all public sector employees, except Department for Education personnel, should assume that their personal information had been accessed during the data breach.PS data breach calls for security action

It said the stolen information about officials included the first name; last name; date of birth; Department; tax file number; home address; bank details; compensation; tax withheld; payment type (if applicable); lump sum type, and amount – e.g., the total amount paid for the period, if suitable; the amount of pension contribution; and the reportable tax amount for fringe benefits (if applicable).

DPC said specific communications were sent to individuals whose access to the data differed significantly from the above.

“Based on the independent review results, there is no evidence that any passwords, license numbers, registration information, or vaccination status was exposed in the Frontier Software data breach,” the ministry said.

It told former employees separated from the public sector from July 1, 2014, to November 4, 2021, were also affected.

It said that since the Department of Education did not use Frontier Software for payroll, its staff was unaffected. Still, employees working in another area of ​​the government of South Australia between July 1, 2014, and November 4, 2021, maybe.

“A series of strategies have been put in place to protect current and former public sector employees from identity risks,” it said.

DPC said the measures worked, among other things, with the Australian Tax Agency (ATO) to add additional security measures to all affected tax file numbers; notify banks and financial institutions to add additional safeguards for employees’ bank accounts; alert Super SA to have extra security checks in place for all employee accounts; informing Maxxia, the South Australian government’s payroll provider, that it has increased its security measures for employees; and implementing additional checks in Payroll Services to validate changes made or requested to employees’ personal information.

In addition, the government of South Australia has partnered with cybersecurity support service IDCARE, which can provide employees with additional advice on specific issues related to their personal information — at no cost to employees.

It said to speak with an IDCARE case manager and book a preferred time by completing an online Get Help form at www.idcare.org or 08 7078 7741.

DPC said that to reduce the risk of fraudulent activity, government employees should keep a close eye on bank and pension accounts; secure accounts with multi-factor authentication; be alert to emails, text messages, or unsolicited calls from people requesting personal or report information, including access to devices; periodically check personal salary data and salary deductions; and use complex passwords for all services.

Related Posts