[Australia] Pay chaos after major payroll company hacked

[Australia] Pay chaos after major payroll company hacked
18 Nov 2021

Australian employers are fighting to regain control following the hacking of top payroll software used by large companies which threw thousands of workers’ pay into potential chaos, Financial Review reports.

The cyber attack on Frontier Software left 330 employers without automated payroll this week after ransomware encrypted the company’s systems on Saturday and forced it to take down its server as a precaution.

Some employers using the firm’s cloud-based software reportedly went into disaster recovery mode after facing the prospect of processing hundreds of workers’ wages manually.

Tasmania’s largest private-sector employer - hotel and casino owner Federal Group - made $250 advance payments to hundreds of staff on November 16 because the cyber attack had delayed pay. It committed to paying the remainder of workers’ salaries yesterday.

By late afternoon yesterday Frontier said it had restored safe system access to 99 per cent of its customers.

Frontier covers about 27 per cent of employers with more than 2000 staff and is a top payroll product across healthcare, hospitality and not-for-profit sectors.

In a Monday afternoon email, Frontier advised clients who intended to run payroll “in the next one to two days” that it recommended “activating contingency provisions for alternative payroll processes”.

Frontier Technology chief executive Nick Southcombe said the company expected to restore its systems “in a staged process over the coming days based on technical requirements and security considerations”.

Meanwhile, it had reportedly engaged cyber-security firm Cyber CX to investigate and on Tuesday started rolling out “specific additional software” for clients to access to bring them back online.

“Approximately 330 Australian employers have been impacted in some way. However, not all of those employers are processing pay-runs this week,” Mr Southcombe said.

“We have been communicating closely with customers impacted by this incident and keeping them updated on time frames for restoration of our systems.”

No ransom demand

Employers that host Frontier on their own servers, including Herbert Smith Freehills, Ramsay Health Care and St Vincent’s Hospital Sydney, were unaffected.

The attack is part of a surge in cyber attacks on Australian companies over the past four weeks, including in mining, professional services, technology, food and beverage, healthcare and construction.

The Frontier hack is unusual because five days on there still has been no ransom demand.

Companies using the software have also had to advise their board, insurers and regulators of potential privacy breaches amid uncertainty about whether hackers have accessed employees’ private data.

Mr Southcombe said the company was “still investigating to fully understand the nature of the incident”.

“However, we have not identified any evidence at this time that customer data or computer systems have been compromised as a result of this incident,” he said.

The hack forced Frontier to communicate via Gmail and its reception desk at its Melbourne head office was unable to transfer calls on Wednesday because it could not access anyone’s contact details. The company said it had set up a dedicated phone line and email for customer support.

Australian Payroll Association chief executive Tracy Angwin said the incident “shows how important it is for employers to have disaster recovery processes, even when you outsource the payroll technology”.

“Payroll should be on the risk register of every employer, no matter what the employer’s delivery strategy is. Issues happen in businesses every day, but when things go wrong in payroll, they can go spectacularly wrong very quickly,” Ms Angwin said.

“In such a tight labour market the last thing an employer needs is the inability to pay their staff, leading them to look for a job elsewhere.”

A Federal Group spokesman said on Wednesday afternoon that its access to the Frontier software had been restored.

“All staff are expected to be paid on time and we do not anticipate any further issues.”


Source: Financial Review

(Links and quotes via original reporting)

Australian employers are fighting to regain control following the hacking of top payroll software used by large companies which threw thousands of workers’ pay into potential chaos, Financial Review reports.

The cyber attack on Frontier Software left 330 employers without automated payroll this week after ransomware encrypted the company’s systems on Saturday and forced it to take down its server as a precaution.

Some employers using the firm’s cloud-based software reportedly went into disaster recovery mode after facing the prospect of processing hundreds of workers’ wages manually.

Tasmania’s largest private-sector employer - hotel and casino owner Federal Group - made $250 advance payments to hundreds of staff on November 16 because the cyber attack had delayed pay. It committed to paying the remainder of workers’ salaries yesterday.

By late afternoon yesterday Frontier said it had restored safe system access to 99 per cent of its customers.

Frontier covers about 27 per cent of employers with more than 2000 staff and is a top payroll product across healthcare, hospitality and not-for-profit sectors.

In a Monday afternoon email, Frontier advised clients who intended to run payroll “in the next one to two days” that it recommended “activating contingency provisions for alternative payroll processes”.

Frontier Technology chief executive Nick Southcombe said the company expected to restore its systems “in a staged process over the coming days based on technical requirements and security considerations”.

Meanwhile, it had reportedly engaged cyber-security firm Cyber CX to investigate and on Tuesday started rolling out “specific additional software” for clients to access to bring them back online.

“Approximately 330 Australian employers have been impacted in some way. However, not all of those employers are processing pay-runs this week,” Mr Southcombe said.

“We have been communicating closely with customers impacted by this incident and keeping them updated on time frames for restoration of our systems.”

No ransom demand

Employers that host Frontier on their own servers, including Herbert Smith Freehills, Ramsay Health Care and St Vincent’s Hospital Sydney, were unaffected.

The attack is part of a surge in cyber attacks on Australian companies over the past four weeks, including in mining, professional services, technology, food and beverage, healthcare and construction.

The Frontier hack is unusual because five days on there still has been no ransom demand.

Companies using the software have also had to advise their board, insurers and regulators of potential privacy breaches amid uncertainty about whether hackers have accessed employees’ private data.

Mr Southcombe said the company was “still investigating to fully understand the nature of the incident”.

“However, we have not identified any evidence at this time that customer data or computer systems have been compromised as a result of this incident,” he said.

The hack forced Frontier to communicate via Gmail and its reception desk at its Melbourne head office was unable to transfer calls on Wednesday because it could not access anyone’s contact details. The company said it had set up a dedicated phone line and email for customer support.

Australian Payroll Association chief executive Tracy Angwin said the incident “shows how important it is for employers to have disaster recovery processes, even when you outsource the payroll technology”.

“Payroll should be on the risk register of every employer, no matter what the employer’s delivery strategy is. Issues happen in businesses every day, but when things go wrong in payroll, they can go spectacularly wrong very quickly,” Ms Angwin said.

“In such a tight labour market the last thing an employer needs is the inability to pay their staff, leading them to look for a job elsewhere.”

A Federal Group spokesman said on Wednesday afternoon that its access to the Frontier software had been restored.

“All staff are expected to be paid on time and we do not anticipate any further issues.”


Source: Financial Review

(Links and quotes via original reporting)

Leave a Reply

All blog comments are checked prior to publishing