SA breach revealed
The South Australian government has disclosed a significant cyber security breach that potentially compromised the data of many individuals.
The breach affected Super SA, a dedicated superannuation fund for state government employees, according to statements by South Australian Treasurer Stephen Mullighan in parliament.
The breach, which took place nearly two months ago, only came to the treasurer's attention last week, prompting concerns over the government's response to such incidents.
“It's simply not good enough,” Mullighan said.
“The way government responds to this needs to improve because it is letting, on these sorts of occasions, thousands - sometimes many thousands - of South Australians down.”
The breach is currently under investigation to determine if other agencies that had contracts with the same call centre were also affected.
A government spokesperson indicated that the compromised data “does not appear to involve any data more recent than 2020”.
The breach may include personally identifiable information, such as names, addresses, and dates of birth. Some members may have had other types of data accessible.
The incident is connected to a call centre that Super SA had previously contracted to handle member inquiries following a 2019 cyber security breach.
The call centre retained Super SA member data even after the contract had concluded, and this retained data was accessed during the recent security breach.
Mullighan raised concerns about data retention practices, saying; “It is still being investigated why that call centre provider had retained data on its systems relating to managing that particular agency's client relations task.”
He further emphasised the need for better data security practices within government agencies.
Super SA released a statement assuring its members, stating that “a small cohort of members” may have been affected by the breach. The group emphasised its commitment to securing member accounts, but the extent of data accessed remains uncertain.
Public Service Association general secretary, Natasha Brown, expressed deep concern over the breach, saying there is a need for robust data protection measures within government agencies. She called for a thorough investigation and preventative actions to ensure such breaches do not recur.