Cyber Incident Victim: Frontier Software

On November 13, 2021, Frontier Software, an external payroll software provider for South Australian government agencies, suffered a ransomware attack compromising sensitive employee data. The breach occurred within Frontier’s internal Australian corporate environment, with forensic investigations by Frontier and cybersecurity firm CyberCX confirming unauthorized data exfiltration from a segmented portion of their systems. Conti ransomware operators claimed responsibility for the attack on their data leak portal on November 16, 2021, though the listing was later removed, suggesting possible negotiations. Frontier stated the threat did not spread to client systems through their products, limiting the intrusion to their corporate network. The South Australian government disclosed the incident in December 2021, revealing that attackers accessed records for between 38,000 and 80,000 current and former government employees.

Compromised data included full names, dates of birth, tax file numbers, home addresses, bank account details, employment start dates, payroll periods, remuneration amounts, tax withheld, payment types, lump-sum payments, superannuation contributions, and fringe benefits tax information. The Department for Education was unaffected as it did not use Frontier’s services. Affected individuals were advised to scrutinize communications, reset passwords, enable multi-factor authentication, monitor financial accounts for suspicious activity, and utilize free identity protection services through IDCARE. The government directed impacted employees to its website for incident-specific guidance while Frontier maintained the breach was contained to its isolated corporate segment with no evidence of broader system compromise. Forensic analysis and remediation efforts continued post-disclosure, though no further technical details about attacker entry vectors or data recovery processes were publicly confirmed.