Treasurer Rob Lucas revealed the breach on Friday, confirming private and financial records of at least 38,000 employees had been accessed – with more than twice as many potentially impacted.

The State Government’s external payroll software provider, Frontier Software, had been hit by a major ransomware attack with “significant personal information of SA Government employees” stolen, including their name, date of birth, tax file number, home address, bank account details, remuneration, payroll period, employment start date, superannuation contribution and amount of tax withheld.

The Public Service Association today confirmed it was seeking legal advice over the breach on behalf of its members, demanding the Government cover the costs of any employees affected.

Acting General Secretary Natasha Brown told InDaily in a statement the union was “very concerned about the recent serious data breach and the potential consequences for PSA members”.

“The PSA is seeking legal advice on behalf of members about their rights and options for dealing with any adverse consequences that might flow from this serious data breach,” she said.

“The PSA expects the government to cover any costs to members of any adverse consequences of this serious data breach – including any financial losses.

“The government must take full responsibility for the integrity of this very sensitive data.”

She said the union would be writing to the Government after it had received a legal briefing, saying: “The government might have privatised the service – but they cannot privatise their responsibility for our members’ personal sensitive data.”

The Government payroll was outsourced to Frontier Software Australia in 2002, with the company’s website emphasising its success in consolidating the data structures of multiple agencies.

“To date, Frontier Software has never missed a pay for the [Government of SA], even during the power outage of 2016,” the site boasts.

Lucas said the Government was also seeking legal advice, but that he was “sympathetic” to the plight of anyone who was financially disadvantaged – stressing that to date there was no evidence of anyone’s accounts being accessed.

“At this stage it’s hypothetical because we’re not aware of anything… we’re not aware of anyone’s bank account details having been hacked,” he said.

He said relevant institutions had undertaken to add an additional level of security for people attempting to alter their bank account details.

“If anyone rings up and wants their bank account details changed, the financial institutions will ask additional questions which are not part of the data breach,” he said.

“There’s a whole range of thing which are being done to minimise this prospect [but] in the event that there is I’m sympathetic.”

He said the Government was “obviously seeking legal advice on a range of things as well to see whether Frontier and their insurers have any liability for compensation” if it is necessary.

However, he said it was premature to consider tearing up the Government’s contract with its payroll provider.

“No-one can ever guarantee you’re 100 per cent [secure], we have to establish the facts first before considering implications and consequences of what’s occurred,” he said.

“There’s no easy process for replacing [the service], the advice I’ve got is if we terminate them, no-one in the state would be paid from next week… it’s a 20-year arrangement that’s been long established.”

The data files accessed go back to July 2020, with anyone employed on the Government patrol since that time being contacted.

Lucas last week urged staff to take their own steps to reduce the risk of their data being compromised, suggesting they contacted their financial institution, monitored statements for any unauthorised transactions and considered adding additional security, including changing passwords and activating two-factor authorisation.

The Government has also hired cybersecurity support service IDCare to develop a specific response plan and provide personal support to affected employees.