Data on Tens of Thousands of South Australian Government Employees Breached in Ransomware Attack

“Russian hackers have stolen and published the personal data of tens of thousands of employees…” reports the Australian Financial Review.

Government officials have confirmed the breach — part of a ransomware attack — and say the stolen data may even include info on the country’s premier, according to an Australian public broadcaster:
The government said the records of at least 38,000 employees, but potentially up to 80,000 workers, have been accessed in a cyber-attack on external payroll software provider Frontier Software. The data includes names, dates of birth, tax file numbers, home addresses, bank account details, remuneration and superannuation contributions… Treasurer Rob Lucas said politicians, including Premier Steven Marshall, could be among those affected.

The treasurer added the breach potentially impacted “The highest of the high to the lowest of the low and all of the rest of us in between.” The exceptions were schoolteachers and the Department of Education, who did not use Frontier’s software.

The website publishing the 3.75 gigabytes of data claimed it was just 10% of the total amount, according to the Australian Financial Review, which “understands Russian organised crime group Conti, which claimed credit for launching the cyberattack on Queensland’s energy network CS Energy, published the information.”
Australian Payroll Association chief executive Tracy Angwin said the hack was a wake-up call to employers using remotely accessed payroll systems to ensure they were secure…

Frontier Software said the hacker responsible for the incident was known to employ a “double extortion” strategy, which included encrypting systems and stealing the data.

In another report, Bleeping Computer describes Conti as “a long-lived Ransomware as a Service operation” that “still manages to evade prosecution even after high-profile incidents against vital national resources such as Ireland’s Department of Health.”

The gang is believed to be behind the recent revival of the notorious Emotet botnet, which could lead to a massive new wave of ransomware infections. This week, Conti took responsibility for the attack against Nordic Choice Hotels, a Scandinavian hotel chain with 200 properties.

Thanks to Macfox (Slashdot reader #50,100) for tipping us off to the news.
