Information linked to more than 14,000 members was accessed by hackers about two months ago.It's the second time in less than two years that private data from a state government agency, held by a third-party firm, has been illegally accessed.The government said the most recent security breach stemmed from a previous cyber attack involving Super SA in November 2019.
It said all members who were implicated in the 2019 cyber breach were also impacted by this latest attack.Mr Mullighan told parliament last week the Department of the Premier and Cabinet was informed of the latest cyber breach on August 18, but he was only told on Thursday, October 12. "It is absolutely clear that the way in which these incidents have been managed is not good enough because it's causing the exposure of sensitive South Australians' data to be exposed to illegal access.""We are unaware of other government agencies using them post-2020," he said.
Adelaide cyber security lawyer Darren Kruse said companies in South Australia and across the country were not legally required to delete client data once they no longer had a practical use for it."But there's no specific laws about curation of data or the method for holding it."