The Indigenous Land and Sea Corporation (ILSC) was recently informed by its external payroll software provider, Frontier Software Pty Ltd (Frontier), that they were the victim of a ransomware cyber-attack directed at Frontier’s systems.
A direct consequence of this is that some individuals, such as employees, related to the ILSC during October-November 2006 have been directly impacted by this breach.
To be clear, there has been no incursion into the ILSC’s servers or systems, and the ILSC is confident of the security of our network. The ILSC is doing everything that it can in response to the Frontier cyber-attack.
What happened?
On 13 November 2021, Frontier became aware that they had been targeted by a criminal ransomware organisation when a number of their systems were impacted. Frontier immediately took action to shut down both their hosted client environment and their internal corporate environment. Frontier also immediately sought the assistance of external cyber security and forensic specialists who have been working alongside their IT security team and the business globally to help contain the event, recover their systems, harden their security and investigate the breach.
The investigation into the root cause and data impacted as a result of the breach is still ongoing.
How is the ILSC impacted?
On 22 December 2021, Frontier notified the ILSC that they had identified data belonging to the ILSC that was on Frontier’s corporate environment, had been exfiltrated.
What information was involved?
Frontier confirmed that the ILSC’s impacted data comprises Australian Banking Association (ABA) files for a number of specific individuals and specifically consists of the following categories of data:
- Account Name
- BSB number
- Account number
- Value of transaction
Data files since provided by Frontier, have been analysed and it has been confirmed that the data in question related to Electronic Funds Transfer files during the period October and November 2006.
Importantly, the impacted data is limited only to the information above and does not include any other personal information. In particular, it does not include core identity information such as your Tax File Number, date of birth, home addresses, or other contact details.
To the best of our knowledge, this data has not been published online by the criminal group and Frontier are taking preventative measures to prevent any further misuse of this information.
Frontier have advised that, to the best of their knowledge, this data has not been subject to any leaking on the dark web and has not been made generally available beyond the individual who originally took the data for the purposes of extortion.
The ILSC has also been assured that Frontier are taking steps they believe should be effective to prevent any further misuse of your data.
What is Frontier doing?
Frontier continues to work with their independent cyber security and forensics partners to assist their IT administrators to investigate the breach, understand the data impacted, provide advice on how to meet regulatory obligations and most importantly how to minimise risk to affected individuals. Frontier have notified the Office of the Australian Information Commissioner (OAIC), the Australian Cyber Security Commission (ASCS) and the Australian Federal Police (AFP) that this breach has occurred and their communications with them is ongoing.
As a result of that work, Frontier have made enhancements to the security of their systems and are continuing to work on additional security measures. Frontier remains more committed than ever to providing safe and secure information systems.
What are the ILSC doing?
As the breach of security did not occur to any system that we control, it is very difficult for the ILSC to take direct action. We are, however, working to ensure Frontier take all necessary steps to minimise any harm caused by this matter. The ILSC is keeping in close contact with Frontier to ensure that any further developments are notified to us immediately.
We are taking steps to make the information contained on this page known to all those who have been impacted about the cyber-attack and notifying the Office of the Australian Information Commissioner.
We also have staff available to assist with any enquiries about the cyber-attack. See further information.
What you can do?
There are some simple steps you can take to reduce your risk of fraudulent activity:
- Keep a close eye on banking and superannuation accounts for unauthorised transactions and unusual activity. If you identify anything of concern, contact your financial institutions as soon as possible. Financial institutions can provide advice on the actions that will be taken to identify and investigate unauthorised transactions and unusual activity.
- Protect accounts with multi-factor authentication.
- Be alert to any emails, text messages or unsolicited calls from people requesting personal or account information, including access to devices – do not respond to any requests until you have made your own enquiries with the organisation they claim to be from.
- If you are a current ILSC employee, periodically review your personal payroll details and salary deductions via the HR21 Employee Self-service portal.
- Use complex passwords on all services and change these regularly.
If you observe any anomalies or suspicious activity, report it to:
- the relevant organisation (e.g. financial institution)
- Scamwatch
- Australian Cyber Security Centre
- Services Australia
Importantly, take care of yourself. If the content of this letter causes you distress, contact your doctor, a support service or your family and friends.
Further information
Should we discover that any further data of the ILSC has been impacted, we will make further contact with affected individuals as soon as possible.
For specific questions or concerns about the information in this letter or the incident more broadly, please contact ILSC’s Privacy Officer Ms Leah Ritchie by phone on (08) 8100 7125 or by email leah.ritchie@ilsc.gov.au