Share this article on:
Defence e-communications platform ForceNet, which is run by external information and communications technology (ICT) provider Dialog Information Technology, was the target of the new attack.
The company has since told the Department of Defence (DoD) that there was no need to worry, as no data of current or former staff using the platform had been put at risk.
Furthermore, Chief of the Defence Force General Angus Campbell and DoD Secretary Greg Moriarty have said there is no evidence to suggest that any data had been compromised.
Despite this, the pair emphasised that the matter is being investigated, and that the DoD is working with Dialog to evaluate the extent of the attack.
“We are taking this matter very seriously and working with the provider to determine the extent of the attack and if the data of current and former APS staff and ADF personnel has been compromised,” GEN Campbell and Secretary Moriarty stated in a memo to defence staff on Monday.
“Initial discussions with the service provider indicate there is no evidence that the data of current and former APS staff and ADF personnel have been compromised. We are nevertheless examining the contents of the 2018 ForceNet dataset and what personal information it contains.”
ForceNet held between 30,000 and 40,000 records, according to Defence Personnel Minister Matthew Keogh.
“We’re not saying that’s what’s out there but that’s what the external provider held”.
In an interview with the ABC, Assistant Defence Minister Matt Thistlethwaite said the attack was being taken with the utmost seriousness.
“They’re suggesting considering changing passwords and moving to two-factor authentication and the like, but importantly, the aim will be to support ADF personnel.”
Thistlethwaite has reaffirmed that there is currently no evidence of any data being lost and has also emphasised that the attack was not on the DoD’s systems themselves.
“I want to stress this isn’t an attack or breach on defence ICT systems,” he added in the ABC interview.
“It’s on an external provider defence contracts to run one of their websites.”
IDCARE, the national identity and cyber support service for Australia and New Zealand, has been engaged by the DoD to help those affected by the attack.
The breach is the latest in a series of cyber attacks on companies such as Optus and Medibank in which hackers have stolen data and demanded a ransom for its return.
In response to the growing presence of cyber crime and online threats, the Albanese government has announced that it would be increasing the fines faced by companies who fail to secure and protect the data.
Companies that fail to secure important data could face penalties of tens of millions to hundreds of millions.