Inside Frontier Software cyber incident

In 2021, with so much of a payroll process linked to digital systems, the threat of a cyber security breach is a nightmare scenario for payroll professionals.

This past week that nightmare became a reality for Frontier Software, as their systems were shut down by a cyber incident on Saturday 13 November, affecting not only Frontier Software, but hundreds of their customers across Australia.

As customers scrambled to activate their contingency plans for payroll, Frontier Software worked to get systems back online and minimise disruption. By Wednesday afternoon, 99% of Australian customers had safe access restored.

Frontier Software Australia CEO, Nick Southcombe, spoke with APA about the incident and Frontier Software’s response in those first crucial days when every second matters.

“These are the things you plan for, but you hope never happen,” said Southcombe.

“We didn’t waste a minute. As soon as the first signs of malicious activity were detected, early on Saturday morning, we activated our crisis plan and started shutting everything down.”

So what happened? What does a cyber incident look like on the inside? Southcombe explained that malware – malicious software – had found its way into Frontier Software’s corporate systems and encrypted some corporate files and data, making them inaccessible.

“The incident impacted some of our corporate systems, which became encrypted by malware. However, Australian customer HR and payroll data and systems are well-segmented from the corporate systems and were not encrypted,” said Southcombe.

“To date, our technical investigations have found no evidence of any Australian customer data being exfiltrated or stolen, which is a testament to the design of our infrastructure and a huge relief.”

According to Southcombe, it was also important to bring in outside assistance to ensure the response and recovery would be as smooth and swift as possible.

“We have a fantastic technical team, but at times like these, you need to call in specialist help,” said Southcombe.

“We engaged the incident response team at CyberCX and within a very short space of time they were working side by side with our own team, ensuring the situation was contained and helping us safely turn things around.”

As the crisis unfolded, the focus of Frontier Software’s efforts was understandably on restoring customer access to payroll systems as soon as possible. This came at the cost of restoring their own in-house IT systems, which still remain largely offline.

“Our people understood that our first priority needed to be our customers – especially those who needed to run payroll in the days ahead,” said Southcombe.

“Now that our customer systems are back up and running, we’re starting to get our own corporate systems restored,” he added.

Questions remain for Frontier Software and their customers around the full extent of the incident and timeframe for its resolution.

“It’s not over yet, but we’ve already learned a lot from this incident from a technical perspective that will help us to further strengthen our cyber security defences and minimise the likelihood of future incidents,” said Southcombe.

“There’s no doubt our customers still have nagging questions they want answered, I appreciate that. We’re holding a series of town hall meetings on Monday to address a lot of those concerns. We also expect to share further detail in the weeks ahead as a result of the ongoing investigation when it is prudent and appropriate to do so.”

If you are a Frontier Software customer and wish to attend one of their virtual town hall sessions, send your request to: [email protected]

/Public Release. View in full here.