Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

SA government defends slow cyber response after 14,000 staff affected

Responding to the criticism it received for its late response, the South Australian government denies accusations that it attempted to cover up being affected by the Super SA cyber breach.

user icon Daniel Croft
Fri, 20 Oct 2023
SA government defends slow cyber response after 14,000 staff affected
expand image

Despite occurring two months ago, knowledge that the South Australian government was affected only came out in the last week, when it was announced by State Treasurer Stephen Mullighan, who said that the delayed response was “simply not good enough”.

“The way government responds to this needs to improve because it is letting, on these sorts of occasions, thousands – sometimes many thousands – of South Australians down,” Mullighan said.

Since the attack was announced, it has been revealed that 14,000 public sector staff have been affected.

============
============

South Australian Premier Peter Malinauskas defended the government’s delayed response.

“The priority has been to get to the 14,000-odd people who are potentially impacted by this,” he said.

At this stage, it is unknown how many state government agencies have been compromised.

The breach occurred after a call centre called Contact 121, hired by Super SA, a superannuation fund for state government workers, announced it was hacked.

The incident follows the aftermath of another cyber attack that SuperSA suffered in 2019, leading it to hire the call centre to contact affected members, according to Mullighan.

Data obtained by the call centre was retained after the contract with SuperSA ended, which Mullighan has said is a major issue that is under investigation.

“It is still being investigated why that call centre provider had retained data on its systems relating to managing that particular agency’s client relations task,” said Mullighan.

“That raises … a series of further questions – what requirements are there for these agencies to not continue holding government data on their ICT systems after they complete doing work for [the] government?

“It is absolutely clear that the way in which these incidents have been managed is not good enough because it’s causing the exposure of sensitive South Australians’ data to be exposed to illegal access.”

Super SA has begun contacting customers and notifying them of the breach, which could have impacted data including names, addresses and birth dates.

The South Australian government and Super SA have both said that it is investigating the incident.

“A third-party provider who was contracted by Super SA, and other government agencies, to provide call centre services has experienced a cyber security incident,” said SuperSA.

“This affects a small cohort of Super SA members, and none of the data held by the third-party provider contains information post-2020.

“We can assure you that the security of member funds and our core operations have not been impacted.”

The breach has raised concerns over hypocrisy, with private organisations required to meet strict deadlines to notify government bodies of security breaches.

For context, organisations that suffer a breach are required to notify the Office of the Australian Information Commissioner “as soon as practicable” and no later than 30 days after it becomes aware of the breach. While the breach did not affect the South Australian government itself, but a third party, two months is a long period to leave affected government staff in the dark.

Responding to the poor response to the breach and the delay in notifying those affected, Mullighan has called for the South Australian government to massively ramp up its cyber security response.

“Government agencies need to do a much, much better job at firstly, trying to insulate themselves as best they can against these attacks in the first place, but secondly, respond to them in a timely, thorough and appropriate way,” he said.

“I’m not convinced that the response from government agencies, let alone the external third-party provider here, has been timely, has been thorough and has been casting a mind as quickly as it should to the impacts to be borne by people who might be impacted by it.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.