The recent data breach at Super SA has stirred much unease among its members, leading to pressing questions about the management of data and cyber security among Australian government institutions. This event also casts a spotlight on the larger 2023 cyber wave of attacks targeting government agencies in Australia.
South Australian Treasurer, Stephen Mullighan, voiced his displeasure in Parliament, commenting,
"It's simply not good enough."
The gravity of the situation is evident, as this isn't the first time a state government agency has been compromised. Just two years prior, Frontier Software was targeted, affecting over 90,000 public servants.
This current breach can be traced back to a 2019 cyber attack involving Super SA. The data of 14,011 members was accessed.
Alarmingly, it was a third-party provider, previously contracted by Super SA, that was the weak link. In an official statement on October 17, 2023, Super SA confirmed that the security of members' funds and operations was intact.
But the fact remains that there was a lapse in oversight, raising questions about the efficiency of data protection measures.
Mr. Mullighan's comments in Parliament highlight the government's urgency in rectifying these lapses. "Government agencies need to do a much, much better job," he stated.
He also pointed out the failure of agencies like Contact 121 to not retain unnecessary data, a critical oversight that may have contributed to the breach.
Experts are now emphasising the need for stronger data protection regulations. Adelaide-based cyber security lawyer, Darren Kruse, noted the lack of legal mandates for companies to delete obsolete client data.
The existing guidelines, last authored in 2018, are "out of date," according to Kruse.
Jeff Foster, an expert from Macquarie University, emphasised the challenge in identifying the full scope of a breach, while Opposition spokesperson Heidi Girolamo pressed the importance of constant policy review and improvement in the realm of data protection.
The situation paints a stark reality: Cyber threats are evolving, and there's a need for rigorous, adaptive strategies to counter them.