Outsource they said, cheaper they said, more secure they said
Personal information describing names, addresses, bank account details, and taxation IDs of 38,000 Australian government employees has been leaked to the dark web after a ransomware attack. The treasurer of the Australian State of South Australia, Rob Lucas, today revealed the source of the leak: outsourced payroll provider …
Methinks your "investigation" demonstrates why you got hacked in the first place : you don't have a clue.
That probably explains why the exfiltrated data was not encrypted - you don't have the expertise to manage that.
In other words, another payroll provider with a bit more savvy in the backend might be a good choice.
Given Australian banks' high-speed low-security approach and attitude, combined with their trenchant refusal to correct errors, those leaked fields (esp.if they also included phone number, which is likely in Australia) are more than enough to completely clean them all out financially.
One of our previous federal heads of cybersecurity got hit with a simple SIM swap, got cleaned out, and even with her political & bureaucratic clout she got absolutely nowhere with the banks. I think she got a little bit back after a few years of fighting. So these ordinary little guys have got Buckley's