Hackers have targeted a third-party IT supplier, ForceNet, used by military personnel and Defence Department employees.
ForceNet allows defence force members, their families and defence department staff to communicate with each other.
“I want to stress that this isn’t an attack or a breach on defence (technology) systems and entities,” Assistant Minister for Defence Matt Thistlethwaite said. “At this stage, there is no evidence the data set has been breached – that’s the data that this company holds on behalf of defence.”
ABC reported that some personal information, including birth dates and enlistment details, may have been stolen, citing an unidentified source. Additionally, the dataset caught up in the hack included approximately 40,000 details of Defence and Australian Public Service (APS) personnel, dating back to 2018.
The Department of Defence is examining the impacted data sets for personal information, according to a spokesperson.
Defence personnel have been notified, with suggestions to change their passwords and implement multi-factor authentication, and the incident is being taken “very seriously” by the government, Thistlethwaite said.
“We just want to make sure that all Defence staff and personnel remain vigilant, and we’re working with that external contractor now to make sure we get the best picture of what has occurred so that they’ve got the best support to ensure the security of their systems as well.”