Cyber-attack on Australian defence contractor may have exposed private communications between ADF members
A ransomware attack may have resulted in data related to private communications between current and former Australian defence force members being compromised, with as many as 40,000 records at risk.
Defence confirmed on Monday that a dataset from ForceNet, a communications platform, may have been compromised after an attack on an external ICT service provider.
The dataset was from 2018, and, according to the minister for veterans’ affairs and defence personnel, Matt Keogh, it contained 30,000 to 40,000 records.
Keogh said defence remained confident no personal data had been accessed, but were still working to confirm which current and former staff, including public servants employed by the department, could be affected.
He described ForceNet as like an internal social media platform.
“We’re working with that external provider to make sure we’ve got a full picture of what sort of data was there and available,” Keogh said.
“We understand it may have been about 30 to 40,000 records that they held, so we’re not saying that that’s what’s out there but that’s what the external provider held. “But we’re working now to get a full picture of who those individuals might have been.”
Sign up for our free morning and afternoon email newsletters from Guardian Australia for your daily news roundup
According to its website, ForceNet “facilitates auditable communication and information sharing, one to one and one to many, including targeted communications and support in emergency situations and to specific persons”.
It can be used by defence members, sponsored family members and other approved users, and was developed for defence and approved by defence’s chief information officer group.
“This means ForceNet users can be confident their information and content will be seen only by other authorised users,” ForceNet’s FAQ section states.
A defence spokesperson confirmed they had been made aware of the attack recently, but did not provide detail on when it occurred, and how soon after defence were informed. The external provider that was subject to the attack has not been revealed.
“Defence is taking this matter very seriously and is working with the provider to determine the extent of the attack,” the spokesperson said.
“Initial discussions with the service provider indicate there is no evidence that the data of current and former [Australian Public Service] staff and [Australian defence force] personnel has been compromised.
“Defence is examining the contents of the 2018 ForceNet dataset and what personal information it contains.”
Keogh said the spate of cyber-attacks in Australia, including those targeting Optus and Medibank, were concerning. The attacks highlighted the need for individuals to be vigilant about their personal information, and for governments to ensure the security measures employed by organisations were sufficient, he said.
“I think it’s all Australians – and rightly the Australian government – is quite concerned about this sort of cyber activity that’s occurring, people seeking through nefarious means to get access to others’ personal data as a way of trying to steal identities and swoop people’s identification.”