Treasurer Stephen Mullighan confirmed the data breach yesterday in state Parliament, and said today it involved the same Super SA members impacted by a 2019 data breach.
Mulligan told Parliament the breach occurred nearly two months ago but that he “was only advised … late last week”.
The Treasurer said the latest breach was not an attack on Super SA servers; rather, members’ data was stolen from a call centre employed by the government in 2019 to manage calls following the initial breach.
“There was a significant cyber security breach in 2019, and at that time when Super SA was looking for some support to help them deal with what would be an influx of calls they engaged a South Australian call centre provider to manage some of those calls,” Mullighan told ABC Radio Adelaide this morning.
“It now is clear that the call centre provider has – contrary to their obligations – held onto the data set that was provided to them back in 2019 and it’s the call centre that has had that same data set now breached in recent times.
“That was actually not detected by the call centre, that was actually detected by the government in the monitoring activities that we undertake and that’s been worked through over a period of the last two months to try and verify exactly what information has been accessed and what has happened to that information.”
Opposition treasury spokesman Matt Cowdrey accused the state government of keeping the latest breach a “secret”.
“It is incredibly concerning and quite frankly astounding that this cyber attack happened almost two months ago yet was only made public to South Australians under questioning from the Opposition,” he said.
“It’s completely unacceptable that Peter Malinauskas and Stephen Mullighan were advised about this cyber attack last week, but kept it secret and haven’t done a thing to assure South Australians that their data is safe.”