Nine Radio has issued advice of a cyber-attack experienced by Frontier, relating to some employees from May 2016.
Almost 500 current and former employees of Nine Radio had their personal payroll details stolen as part of a cyber attack of payroll software provider Frontier Software late in 2021.
Frontier had previously informed Nine Radio that no personal information of its employees had been released. However, this week, it told Nine Radio that advice had changed after weeks of forensic analysis.
"Earlier this week, Nine Radio Pty Ltd (Nine) became aware that personal information from the month of May 2016 relating to 498 current and former employees, including you, may have been accessed as a result of a cyber attack against an external payroll software provider, Frontier Software Pty Ltd (Frontier)," Nine Radio managing director Tom Malone said in an email to affected staff members.
"The cyber attack, which occurred on November 13, 2021, resulted in a file containing these current and former employees' personal information from that period being exported from Frontier."
Mr Malone said the information that was accessed included full names, home and email addresses, telephone numbers, dates of birth, tax file numbers, salaries, payroll IDs and superannuation fund details.
"Frontier has confirmed to Nine that the information has now been deleted by the entity responsible for the cyber attack."
However, given the criminal nature of the group that did the hack, it is still possible the data will turn up on the internet at some point in the future.
In December, the ransomware hackers published online the private data of at least 38,000 South Australian public servants they had stolen as part of the Frontier hack. However, the data appeared to be deleted later in the day.
Mr Malone said Nine Radio had contacted the Australian Taxation Office and flagged the relevant tax file numbers for any suspicious activity. The company is also monitoring the dark web for any personal information made available.
Frontier Software Australia chief executive Nick Southcombe said: "As our technical investigations into the recent cyber incident progressed, we have continued to review the data stolen from the Frontier Software Australia internal corporate environment.
"During this process we have prioritised identifying any customer data that may have been stolen. This review is continuing and now near completion. We promptly contact impacted clients if our ongoing data review discovers any client data that may have been compromised."
Mr Southcombe said Frontier have assessed that the number of clients impacted is limited.
"One of the few customers we identified as being affected is Nine Radio. We promptly communicated with Nine Radio when our investigation discovered that some of their data had been stolen. We are very disappointed this has happened, apologise for the inconvenience caused, and will continue to communicate with them," he said.
"It is important to note that the data stolen was from our internal corporate environment only. To date there is no indication of compromise to client HR and Payroll systems on our Australian client hosting environment, nor to any Frontier Software on-premise client system or network."
