A hearing on Monday was told a file containing public service workers’ personal information was transferred from the government’s network to Frontier Software’s server.

From here, the hacker was able to access the file, and later make a ransom demand.

Treasury and Finance Department chief executive David Reynolds revealed the government had issued a breach of contract notice to the external payroll software provider over the incident.

He said the government would consider whether to sack the company pending the outcome of an ongoing investigation into the security breach.

Mr Reynolds provided an update on what the government knew so far about how the hackers were able to obtain the data.

“Some overseas player, as we understand it, hacked (Frontier’s) corporate network and as it turned out they had transferred a file with our staff details onto their corporate network, out of our secure payroll system,” he said.

“So that file that had been transferred to their corporate network was the one that was accessed by the hacker.”

It is understood the contract between the government and Frontier stated the company should not hold the government’s data and it should remain on the government’s own server.

The government announced in December last year that almost all SA public servants should assume hackers had stolen their personal information, confirming almost 80,000 staff were victims of a large-scale cyber attack.

The names, home addresses, tax file numbers and bank account details of government employees were stolen.

Education department employees appeared to have been spared.

The Advertiser had earlier revealed an offshore hacker demanded a ransom payment to return the payroll information.

Sources said the culprits were Russian hackers who likely breached security in November.

More Coverage

‘Assume the hackers got you’: Size of payroll raid revealed

Elizabeth Henson

Premier can’t say if government trusts firm after data breach

Todd Lewis, Patrick James