The Benevolent Society on 28 August 2022 notified the Office of the Australian Information Commissioner (OAIC) of a recent cyberattack and data breach experienced by its payroll software provider, Frontier Software Pty Ltd (Frontier Software).
Frontier Software has recently notified us that a subset of data relating to current and former employees was downloaded from Frontier Software’s systems as a result of a cyberattack, which was discovered by Frontier Software on 13 November 2021. Employees who were working at The Benevolent Society in 2001 or 2002 may be impacted. Our analysis revealed that 8 current employees and 649 former employees have been impacted.
On discovering the cyberattack, Frontier Software immediately began investigating the incident. Following an extensive amount of work since November 2021 by Frontier Software, along with its external cyber advisors, they have been able to determine precisely whose and what information was impacted. This has included undertaking a detailed manual review of the data in order to identify any potentially impacted persons.
Importantly, having completed this detailed exercise Frontier Software strongly believes the data is currently not in the hands of the individuals responsible for the cyberattack and that there is no evidence the impacted data has been or will be misused in the future. Frontier Software has further confirmed with us that this data has not been published on the dark web. Frontier Software has also informed us that it has taken preventative measures to protect against misuse of this information. We are hopeful that these matters reduce the risk associated with this data breach.
The Benevolent Society's own systems have not been impacted by this incident.
The Benevolent Society regrets that the incident has occurred and would like to apologise for any concern or inconvenience this may cause you.
Impacted Personal Information
Investigations conducted by Frontier Software with external forensic and cybersecurity experts have shown that the types of personal information extracted from Frontier's network included full name, address, phone number, date of birth, BSB number, financial account number, superannuation fund name, tax file number.
What has been done to date
The Benevolent Society has taken the following steps:
- notified the Office of the Australian Information Commissioner (OAIC) and the Australian Taxation Office (ATO);
- reviewed the data provided by Frontier Software and are informing impacted individuals, where practicable.
Frontier Software has told us they have taken the following steps:
- notified the Office of the Australian Information Commissioner, the Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP) and relevant state police;
- where a tax file number (TFN) has been accessed, Frontier Software has advised the ATO, so they can apply additional security measures and monitor for any potential misuse of that TFN. Please be aware that these measures may impact access to your myGov account, but this is all with a view to providing additional protection. For further information you can contact the ATO Client Identity Support Centre on 1800 467 033 Monday to Friday 8:00 am–6:00 pm AEST. Additional information about the security safeguards that may need to be applied to your account is available at https://www.ato.gov.au/general/online-services/identity-security-and-scams/help-for-identity-theft/data-breach-guidance-for-individuals/
- notified Services Australia. Where impacted information includes information for which Services Australia is responsible, Services Australia has added additional security measures to protect those details where relevant.
What we recommend you can do if you are impacted
- Please remain alert to any increased scam activity, especially email, text messages or telephone phishing scams (i.e., fraudulent communications disguised as if to look like they come from an organisation you trust) and, in particular any such scam activity purporting to come from Frontier Software or The Benevolent Society. Also, check your bank statements for any suspicious activity and contact your bank, if required.
- We recommend changing your online account passwords and setting multi-factor authentication for your online accounts if you have not done so already.
- If you are concerned about the potential misuse of your personal information, you can seek free support from IDCARE, Australia’s national identity and cybersecurity community support service. Frontier Software has made an arrangement with IDCARE. If you wish to access IDCARE's services, please engage an IDCARE Case Manager via IDCARE’s Get Help Web Form at https://www.idcare.org/contact/get-help or by calling 1800 595 160. When accessing IDCARE’s services please provide the referral code 'FDI2-ID'. Alternatively, you may visit IDCARE’s Learning Centre for further information and resources on protecting your personal information https://www.idcare.org/learning-centre.
- If you are/were a resident of New South Wales and wish to access ID Support NSW’s services, please contact 1800 001 040 or visit https://www.nsw.gov.au/id-support-nsw. ID Support NSW provides assistance to individuals where their NSW Government proof of identity credentials are compromised, stolen or fraudulently used.
Further information on online safety, cyber security and helpful tips to protect yourself and respond to scams, identity theft and other online risks, can be found at the following government agency websites:
You are welcome to contact us at [email protected] or on 1800 236 762 (Option 2). If you are contacting by phone, we will ask to take your full name and best contact number and/or email and one of our dedicated support team members will call you back.