State Govt gets $1.7m compensation for payroll data hack

The Division of Treasury and Finance has been in negotiations with payroll supplier Frontier Software program this 12 months over the fallout from a serious ransomware assault in December 2021 which noticed the names, addresses, tax file numbers and banking particulars of greater than 90,000 South Australian public servants accessed.

Treasurer Stephen Mullighan instructed parliament at present there have been nonetheless no confirmed reviews of id theft or fraud stemming from the assault, and all affected public servants “have been straight notified now”.

In response to the Division’s annual report revealed this week, the State Authorities has spent round $640,000 on consultants to handle the results of the assault.

It has additionally been searching for reimbursement and additional compensation from Frontier Software program to cowl the incurred bills.

Mullighan stated Frontier Software program has now agreed to pay $1.75m in compensation to the Division.

“This compensation is in recognition of the continuing penalties and impacts of the cybersecurity incident in late 2021,” he instructed parliament at present.

“It additionally contains the restoration of direct third-party prices incurred by the Division responding to the cyber incident within the earlier monetary 12 months.”

Mullighan stated Frontier would pay a part of the compensation this month through a lump sum after which supply the federal government decreased charges for its payroll providers till June 30, 2024.

It was beforehand unclear whether or not the State Authorities would proceed utilizing Frontier Software program after the previous Marshall Authorities issued the corporate a breach of contract discover in January 2021.

The State Authorities spent $420,000 to have interaction consultants PricewaterhouseCoopers to conduct a serious assessment of the Frontier Software program cybersecurity incident.

Mullighan stated the assessment produced eight suggestions, of which 5 have been addressed by Frontier.

“[This includes] the safe deletion of all South Australian Authorities private data beforehand held on Frontier’s company community,” he stated.

“It’s necessary to remind the Home that this was a breach of Frontier’s community, not a breach of the South Australian Authorities’s payroll system.”

The three remaining suggestions from the PwC assessment are “anticipated to be resolved by the tip of the calendar 12 months”, Mullighan stated.

Along with the PwC assessment, the Treasury Division additionally spent $200,196 to have interaction cybersecurity agency Identification Take care of “recommendation and help to workers impacted by the Frontier cyber incident”, in keeping with the Division’s annual report.

An extra $19,688 went to consultants Deloitte Danger Advisory to offer “exterior net penetration testing of functionalities delivered by Frontier”.

The general value of the three consultancies was $639,884. Mullighan warned in Could the price of managing the cyber-attack might attain $750,000.

InDaily sought remark from Frontier Software program.

Auditor-Common Andrew Richardson earlier this 12 months criticised the State Authorities’s administration of its contract with Frontier Software program.

In his annual “Controls Opinion” report revealed in October, he said there have been inadequate checks of the corporate’s knowledge safety.

“There was no contract administration exercise or threat evaluation to conclude on, or take a look at, Frontier’s compliance with the information safety and storage necessities included within the contract,” the Auditor-Common wrote.

“No management operated to make sure that all internet hosting, assist, upkeep and bureau providers had been performed within the SA Authorities’s Consumer Managed Atmosphere, or assessed whether or not knowledge was routinely taken exterior of that setting.”