Share this article on:
An investigation by Defence Housing Australia (DHA) is currently underway after it was notified that one of its third-party service providers had been hit by a cyber attack.
The organisation, which provides housing and accommodation for military personnel and their families on and off base, has stressed that while there has been no impact or breach of DHA or Defence ICT systems, an investigation to determine if any data belonging to Defence Force members and their families had been compromised has been launched.
“DHA has notified the Australian Cyber Security Centre, the Department of Home Affairs’ cyber security response unit, and the Office of the Australian Information Commissioner,” the DHA said in a notice released on its site.
“Defence personnel affected by this incident will be advised as soon as practicable.”
The Department of Veterans’ Affairs (DVA) also issued a notice regarding the breach; however, it said that its systems remain secure.
At this stage, the third-party organisation that was breached is yet to be named.
The DHA has advised Defence personnel that if required, they should contact IDCARE, while the DVA said that if there was anyone concerned by the incident, they should contact Open Arms – Veterans and Families Counselling.
The incident follows an eerily similar breach on a third-party contractor for the UK Ministry of Defence, which resulted in its data being leaked and posted online.
Prolific ransomware actor LockBit launched an attack on fencing manufacturer Zaun last month, publishing the data on its leak site.
“On 5th – 6th August, Zaun was subjected to a sophisticated cyber attack on our IT network by the LockBit ransom group,” the company said in a notice.
Zaun said the incident occurred through the access of a device that was running an older operating system.
“In an otherwise up-to-date network, the breach occurred through a rogue Windows 7 PC that was running software for one of our manufacturing machines. The machine has been removed and the vulnerability closed,” it said.
The company has also stressed that while the stolen files do include the details of work it has done on “high-profile sites” such as military bases and prisons, these fences are visible to the public.
“These fencing products are generally used to separate the public from the secure asset and, as such, are on public display and in the public domain,” it said.
“As such, it is not considered that any additional advantage could be gained from any compromised data beyond that which could be ascertained by going to look at the sites from the public domain.”