The Australian Defence Force has become the latest target in a spate of ongoing cyberattacks against major organisations in the country, with the Defence Department's internal communication platform, Forcenet, targeted in the ransomware attack.
The platform is used for communication between serving defence members, Australian public service personnel and their families and contains data from 2018.
A spokesperson from the department of defence told The Epoch Times in an email that the hack affected a 2018 ForceNet dataset containing personal information of current and former Australian Defence Force Members and Australian Public Servants may have been part of a ransomware attack on an external ICT service provider.
"Defence is taking this matter very seriously and is working with the provider to determine the extent of the attack," the spokesperson said.
Matt Keogh, the minister for defence personnel, said there was no evidence personnel information had been taken.
Assistant Minister for Defence Matt Thistlethwaite also said the Defence Department suggested all users of the Forcenet consider changing passwords and moving to two-factor authentication.
The attack occurred in early October.
News of the incident comes after several cyber incidents which targeted major public companies like Medibank, Australia's larger health insurer, Optus, the second largest telecommunications company, and EnergyAustralia, one of the three largest energy companies.
Cyber Minister Criticised for Slow ResponseThe federal Cybersecurity Minister Clare O'Neil has faced scrutiny over the government's response to the attacks with Shadow Minister for Cyber Security James Paterson questioning the time it's taken the minister to respond to the first incident involving Medibank.
"In a cyber attack, time is of the essence. Early engagement by the government allows the facts to be established, data theft to potentially be disrupted, and gives customers time to take any necessary steps to mitigate the consequences of the breach."
He also called on the federal government to release a timeline of the actions they have taken.
To Counteract Cyberattacks, Labor Ups RegulationThe government has responded to the increasing cyberattacks by introducing an amendment to the Privacy Bill on Oct. 26.
The amendment will significantly increase penalties to organisations for serious or repeated privacy breaches, a move the Labor government hopes can compel businesses to do more on cybersecurity.
It will also strengthen the Notifiable Data Breaches scheme to ensure the Information Commissioner has knowledge of an incident and the data compromised.
"These amendments are targeted and measured," Attorney General Richard Dreyfuss said. "They respond to the most pressing issues arising from the Optus data breach and other recent cyber incidents."
Yet business expert, Rob Nicholls, of the University of New South Wales has previously warned against simply increasing red tape for businesses, saying a part of the problem is the amount of data companies are required to obtain under law.
He said companies were required to obtain identity documents under the Know Your Customer guidelines that includes birth certificates, driver's licenses, or passport numbers.