The Indigenous Land and Sea Corporation (ILSC) previously advised that its external payroll software provider, Frontier Software Pty Ltd (Frontier), had been the victim of a ransomware cyber-attack directed at Frontier’s systems.
We have been advised of additional data being taken relating to individuals previously notified and more individuals being affected than was previously known. The breach is still limited to Employees or Directors, related to the ILSC during October-November 2006.
If you, or someone you know, was connected to the ILSC during October-November 2006 please view our website below for more information, or share this message with them, and follow the steps we have provided in the link.
There has been no incursion into the ILSC’s systems and we are confident of the security of our network, however we continue to take this incident very seriously and will continue to keep those individuals who may have been impacted with up to date information.
What originally happened?
In December 2021 ILSC was informed by its external payroll software provider, Frontier Software Pty Ltd (Frontier), that they were the victim of a ransomware cyber-attack directed at Frontier’s systems. Frontier advised that an unauthorised third party had improperly accessed to its network and exfiltrated certain data held by Frontier.
At the time, we were advised by Frontier that some individuals related to ILSC or Primary Partners Pty Ltd (as it is now known) during October-November 2006 had been directly impacted by this breach, which included some personal details of those individuals. At that time, we reached out to those employees (both current and former) who were affected.
Based on the information then provided by Frontier, it was understood you were not affected.
What is happening now?
As a part of its ongoing investigation of the breach, Frontier undertook a “deep dive” into their systems and discovered the extent of the breach was greater, both as to numbers affected and information taken.
Frontier has recently provided the ILSC with details of those discovered to have been affected and the extent of the personal information taken.
You are receiving this letter because we have identified you as a person whose information is now known to have been compromised. Through this process, personal information belonging to you was identified as part of the data that was copied from Frontier’s internal corporate network.
I ask that you take some time to read this letter, follow any relevant suggested steps and contact us for further information or clarification.
To be clear, there has been no incursion into ILSC’s servers or systems, and the ILSC is confident of the security of our network.
What information was involved?
Frontier confirmed that the impacted data for its 2006 staff consists of the following categories of data:
- Account Name
- BSB number
- Account number
- Value of transaction
- Date of Birth
- Salary Information
- Superannuation number
- Account username
- Address
- Tax File Number (TFN)
To be clear, not all of this information was taken for all affected staff. Further, to the best of our knowledge, this data has not been published online by the criminal group and Frontier are taking preventative measures to prevent any further misuse of this information.
It is also important to note that Frontier have reconfirmed that, to the best of their knowledge, this data has not been subject to any leaking on the dark web and has not been made generally available beyond the individual who originally took the data for the purposes of extortion.
The ILSC has also been assured that Frontier are continuing to monitor the situation as well as taking steps they believe should be effective to prevent any further misuse of your data.
What is Frontier doing?
Frontier Software has informed us that it originally reported the incident to the Office of the Australian Information Commissioner (OAIC), the Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP) and relevant state police. They also confirmed that they continue to work with each of these agencies and departments to deal with the breach.
Where a TFN has been accessed, Frontier have advised the Australian Tax Office so they can apply additional security measures and monitor for any potential misuse of that TFN.
We understand that these measures may impact access to your myGov account, but this is all with a view to providing additional protection. For further information you can contact the ATO Client Identity Support Centre on 1800 467 033 Monday to Friday 8:00 am–6:00 pm AEST. Additional information about the security safeguards that may need to be applied to your account is available at https://www.ato.gov.au/general/online-services/identity-security-and-scams/help-for-identity-theft/data-breach-guidance-for-individuals/.
Frontier Software has also alerted Services Australia to the incident. Where impacted information includes information for which Services Australia is responsible, Services Australia has added additional security measures to protect those details where relevant.
What is ILSC doing?
As the breach of security did not occur to any system that we control, it is very difficult for ILSC to take direct action. We are, however, working to ensure Frontier take all necessary steps to minimise any harm caused to our staff, both present and former. The ILSC is keeping in close contact with Frontier to ensure that any further developments are notified to us immediately. Please be assured that we will advise you of any further developments, should the need arise.
As the breach involves the personal information of both current and previous staff, we are notifying all those who have been impacted.
Information about this data breach will also be reported on ILSC website and social media pages in accordance with the requirements of the Notifiable Data Breach scheme contained in Part IIIC of the Privacy Act 1988 (Cth).
What can you do?
If you are concerned about the potential misuse of your personal information, Frontier has arranged free support from IDCARE, Australia’s national identity and cybersecurity community support service.
If you wish to access IDCARE’s services, please engage an IDCARE Case Manager via IDCARE’s Get Help Web Form at https://www.idcare.org/contact/get-help or by calling 1800 595 160.
When accessing IDCARE’s services please provide the referral code ‘FDI2-ID’.
Alternatively, you may visit IDCARE’s Learning Centre for further information and resources on protecting your personal information https://www.idcare.org/learning-centre.
Please continue to remain alert to any increased scam activity, especially email and SMS or telephone phishing scams (i.e., fraudulent communications disguised as if to look like they come from an organisation you trust) and, in particular any such scam activity purporting to come from Frontier or ILSC.
Further information on online safety, cyber security and helpful tips to protect yourself and respond to scams, identity theft and other online risks, can be found at the following government agency websites.
https://www.cyber.gov.au/acsc/view-all-content/threats
There are some simple steps you can take to reduce your risk of fraudulent activity:
- Keep a close eye on banking and superannuation accounts for unauthorised transactions and unusual activity. If you identify anything of concern, contact your financial institutions as soon as possible. Financial institutions can provide advice on the actions that will be taken to identify and investigate unauthorised transactions and unusual activity.
- Protect accounts with multi-factor authentication.
- Be alert to any emails, text messages or unsolicited calls from people requesting personal or account information, including access to devices – do not respond to any requests until you have made your own enquiries with the organisation they claim to be from.
- If you are a current ILSC employee, periodically review your personal payroll details and salary deductions via the HR21 Employee Self-service portal.
- Use complex passwords on all services and change these regularly.
If you observe any anomalies or suspicious activity, report it to:
- the relevant organisation (e.g. financial institution)
- Scamwatch
- Australian Cyber Security Centre
- Services Australia.
Importantly, take care of yourself. If the content of this letter causes you distress, contact your doctor, a support service or your family and friends.
Further information
Should we discover that any further data of the ILSC has been impacted, we will make further contact with affected individuals as soon as possible.
For specific questions or concerns about the information in this letter or the incident more broadly, please contact ILSC’s Privacy Officer Ms Leah Ritchie by phone on 08 8100 7125 or by email leah.ritchie@ilsc.gov.au.
Thank you for your patience and understanding as we continue to respond to this incident. The ILSC takes your privacy and the protection of your personal and sensitive information very seriously.
We are pleased that Frontier has taken steps which we are confident have the effect of redressing the harm that might otherwise have been caused. Nevertheless, we sincerely apologise for this breach and any inconvenience that may be caused as a result.