The ForceNet service, one of the external providers the defence department contracts to run its websites, has come under attack but so far no data have been compromised, assistant minister For Defence Matt Thistlethwaite said.
“I want to stress that this isn’t an attack or a breach on defence (technology) systems and entities,” Thistlethwaite told ABC Radio. “At this stage, there is no evidence the data set has been breached – that’s the data that this company holds on behalf of defence.”
But some private information such as dates of birth and enlistment details of military personnel may have been stolen, the Australian Broadcasting Corp reported, citing an unidentified source with knowledge of the investigation.
Thistlethwaite said the government will view the incident “very seriously” and all defence personnel have been notified, with suggestions to consider changing their passwords.
A Defence department spokesperson said the department was examining the contents of the impacted data set and what personal information it contained.
Discover the stories of your interest
Ransom software works by encrypting victims’ data and hackers typically will offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars.
Some of Australia’s biggest companies, including number 2 telecoms company Optus, owned by Singapore Telecommunications Ltd, and the country’s biggest health insurer, Medibank Private Ltd, have had data hacked recently, likely exposing the details of millions of customers.
Technology experts said the country has become a target for cyber attacks just as a skills shortage leaves an understaffed, overworked cybersecurity workforce ill-equipped to stop it.