12 October Australia-Sensitive information about Australia’s defence programmes has been stolen in an “extensive” cyber hack.
About 30GB of data was compromised in the hack on a government contractor, including details about new fighter planes and navy vessels.
The data was commercially sensitive but not classified, the government said. It did not know if a state was involved.
Australian cyber security officials dubbed the mystery hacker “Alf”, after a character on TV soap Home and Away.
The breach began in July last year, but the Australian Signals Directorate (ASD) was not alerted until November. The hacker’s identity is not known.
“It could be one of a number of different actors,” Defence Industry Minister Christopher Pyne told the Australian Broadcasting Corp on Thursday.
“It could be a state actor, [or] a non-state actor. It could be someone who was working for another company.”
Mr Pyne said he had been assured the theft was not a risk to national security.
The hack was described as “extensive and extreme” by ASD incident response manager Mitchell Clarke.
It included information about Australia’s new A$17bn (£10bn; $13bn) F-35 Joint Strike Fighter programme, C130 transport plane and P-8 Poseidon surveillance aircraft, as well as “a few” naval vessels, he said.
Mr Clarke told a Sydney security conference that the hacker had exploited a weakness in software being used by the government contractor. The software had not been updated for 12 months.
The aerospace engineering firm of was also using default passwords, he said.
ASD officials began repairing the system in December.
A report by ZDNet said officials referred to the months before ASD intervention as “Alf’s mystery happy fun time”.
“For those visitors overseas to Australia, Alf is Alf Stewart from an horrific Australia soap opera called Home and Away. It’s just a thing we do,” Mr Clarke told his audience, according to BuzzFeed.
The government distanced itself from the Adelaide-based firm, saying it had most likely been employed by another contractor.
“I don’t think you can try and sheet blame for a small enterprise having lax cyber security back to the federal government. That is a stretch,” Mr Pyne said.
“Fortunately, the data that was taken was commercial data, not military data, but it is still very serious and we will get to the bottom of it.”
However, he said “we don’t necessarily let the public know” about the identities of hackers, because such investigations often involve confidential information.
The incident was a “salutary reminder” about cyber security, he added.
Last year, Australia announced a surge in defence spending, a move that reflects concern over military expansion in the region.
Military spending would grow by A$29.9bn over 10 years, including plans to buy 72 Joint Strike Fighters, the 2016 Defence White Paper outlined.