{
	"id": "fae98a02-432b-4595-afef-a76abbb9677c",
	"created_at": "2026-04-06T00:18:25.501256Z",
	"updated_at": "2026-04-10T03:21:58.024016Z",
	"deleted_at": null,
	"sha1_hash": "76d9caf9208535d3d8400f7e1d27a8a7a3a6419f",
	"title": "Data breach impacts 80,000 South Australian govt employees",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1806822,
	"plain_text": "Data breach impacts 80,000 South Australian govt employees\r\nBy Bill Toulas\r\nPublished: 2021-12-10 · Archived: 2026-04-05 18:21:27 UTC\r\nThe South Australian government has disclosed that the sensitive personal information belonging to tens of thousands of its\r\nemployees was compromised following a ransomware attack that hit the system of an external payroll software provider last\r\nmonth.\r\nThe number of records accessed by hackers corresponds to at least 38,000 SA government employees, but it could be as high\r\nas 80,000 according to South Australia's Treasurer Rob Lucas.\r\nThe breached company behind this data breach is Frontier Software, which suffered from a ransomware attack on November\r\n13, 2021.\r\nhttps://www.bleepingcomputer.com/news/security/data-breach-impacts-80-000-south-australian-govt-employees/\r\nPage 1 of 5\n\nAccording to the company's statement on the incident, the threat didn't pivot to client systems through their products and the\r\ndata exfiltration only affected a specific segmented environment.\r\n\"The ongoing forensic investigation and other response activities conducted by Frontier Software and CyberCX has now\r\nconfirmed evidence of some data exfiltration from Frontier Software’s internal Australian corporate environment,\" the\r\ncompany said. 
\r\n\"We have not identified evidence of compromise or exfiltration outside this segmented environment.\"\r\nThe data that has been compromised according to the South Australian government includes the following:\r\nFirst name\r\nLast name\r\nDate of birth\r\nTax file number\r\nHome address\r\nBank account details\r\nEmployment start date\r\nPayroll period\r\nRemuneration\r\nTax withheld\r\nPayment type (where applicable)\r\nLump-sum payment type and amount (if applicable)\r\nSuperannuation contribution\r\nReportable fringe benefits tax amount (where applicable)\r\nThe only public entity that wasn't affected by the incident is the Department for Education, which does not use Frontier\r\nproducts.\r\n\"The highest of the high to the lowest of the low and all of the rest of us in between are potentially impacted, with the\r\nexception of teachers and the Department for Education,\" Lucas told ABC News after disclosing the data breach. \r\n\"Having the bank account details doesn't give you access to the bank account, but it's the first step in trying to crack a code\r\nin terms of passwords.\r\n\"We expect the state government to take all possible steps to review its cyber security measures in order to prevent such an\r\nevent in the future.\"\r\nGovernment employees affected by this incident are advised to treat incoming emails, calls, and SMS with\r\ncaution. Additionally, everyone should reset their passwords and activate two-factor authentication where possible.\r\nAffected individuals should closely monitor bank statements and account activity and report any suspicious transactions to\r\nthe authorities. 
Exposed people can take advantage of a free IDCARE cyber-security support service offering, following the\r\ninstructions laid out on the incident announcement on the SA government website.\r\nConti ransomware behind the breach\r\nBleeping Computer has seen an announcement on Conti ransomware's data leak portal dated November 16, 2021, which\r\nmatches the attack details shared by Frontier Software in their statement.\r\nHowever, the listing has since been removed from the portal, which probably means the negotiations have ended.\r\nFrontier listing on the Conti portal\r\nConti, a long-lived Ransomware as a Service (RaaS) operation, still manages to evade prosecution even after high-profile\r\nincidents against vital national resources such as Ireland's Department of Health.\r\nThe gang is believed to be behind the recent revival of the notorious Emotet botnet, which could lead to a massive new wave\r\nof ransomware infections.\r\nThis week, Conti took responsibility for the attack against Nordic Choice Hotels, a Scandinavian hotel chain with 200\r\nproperties.\r\nSource: https://www.bleepingcomputer.com/news/security/data-breach-impacts-80-000-south-australian-govt-employees/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/data-breach-impacts-80-000-south-australian-govt-employees/"
	],
	"report_names": [
		"data-breach-impacts-80-000-south-australian-govt-employees"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434705,
	"ts_updated_at": 1775791318,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/76d9caf9208535d3d8400f7e1d27a8a7a3a6419f.pdf",
		"text": "https://archive.orkl.eu/76d9caf9208535d3d8400f7e1d27a8a7a3a6419f.txt",
		"img": "https://archive.orkl.eu/76d9caf9208535d3d8400f7e1d27a8a7a3a6419f.jpg"
	}
}