Premier Steven Marshall could not answer questions from the media on Saturday about whether the state government would continue to use Frontier to manage payroll data, or whether he or his government could continue to have trust in the company.

He said there had been an “enormous” amount of data hacks in SA.

“We have had an enormous amount of attacks and threat to our data here in South Australia, around the country and around the world.”

The last major cyber attack on the state government came in April, where suspected Chinese hackers caused the extraordinary activation of the State Crisis Centre.

Mr Marshall said he was made aware of the breach late on Thursday night.

“There has been a breach, it will be thoroughly investigated and whatever comes out of that we’ll make sure that we put the very best security back in place,” he said.

“They have very good procedures in place. But in this case, we are seeing that threat, that escalating threat around the world that did breach their systems.”

The Advertiser revealed on Friday evening that an offshore hacker demanded a ransom payment to return the payroll information.

The AFP is investigating how names, addresses, dates of birth, tax file numbers and bank account information of everyone from Mr Marshall down was stolen and held for payment by criminals.

Sources said Russian hackers were most likely behind the stunning attack in which up to 36,000 public servants had their information leaked on the dark web.

In all, up to 80,000 workers’ information may have been stolen.

The Advertiser understands that once the information appeared on the dark web a ransom demand was sent to the government’s third-party payroll provider, Frontier Software.

The workers’ details have since disappeared and it is yet to be determined whether the demands of the hackers were placated or whether the information was on sold.

“We understand that some of that data was published on the dark web, but it has since been removed,” Treasurer Rob Lucas said.

Frontier Software chief executive officer Nick Southcombe said investigation and remediation work is continuing.

“At this point, we have only identified one customer that has been affected, being the Government of South Australia, and we are communicating directly with them and providing as much assistance as we can,” Mr Southcombe said.

A spokesperson for the company said it was not appropriate to comment further about the nature of the attacker or their activities at this time “to avoid compromising ongoing investigation and remediation activity”.

However, they confirmed the Australian Federal Police and the Australian Cyber Security Centre had been notified.

Mr Lucas said on Friday the cyber attack affected all state government departments except the Education Department, which uses a different payroll system.

He said politicians, including Mr Marshall, could be among those affected.

“Members of parliament, ministerial advisers, press secretaries – we are equally as exposed as all others,” Mr Lucas said.

“It’s quite personal and confidential information as it relates to payroll.”

“We are working on a precautionary basis at the moment and that is to advise all of our public sector employees to take precautionary action such as contacting financial institutions and monitoring any activity in their bank accounts that might be unusual or suspicious.

“We are in the process of contacting financial institutions ourselves to get their assistance.”

However, Mr Lucas said there was no evidence so far the information accessed had been used and the government was investigating how to prevent future hacking events.

Opposition treasury spokesman Stephen Mullighan said the state government couldn’t be trusted to keep South Australian’s data safe.

“At the same time the government is checking our every move through the Covid-19 QR check-in app, they can’t even protect their payroll of their own employees,” he said.

He also said the government had not been upfront about the ransom demand and the breach, which occurred four weeks ago.

But Mr Lucas said no ransom request was made specifically to the government.

“There has been no ransom demand made to us,” Mr Lucas said.

“I can’t speculate on what has been requested from Frontier Software, that would be a question for them.”

The government has brought in cybersecurity support service IDCare to work with employees to minimise risks.