Department of Defence specialists are scrambling to identify how many of the nearly 40,000 current and former Australian Defence Force (ADF) employees using its secure ForceNet social media service were compromised in a breach of the personnel service provider.
ForceNet – which maintains a secure social media service and mobile apps providing “auditable communication and information sharing” for defence personnel and their families – was hit by a ransomware attack that, reports suggested, also involved the theft of data about Australian Defence Force (ADF) and Australian Public Service (APS) members.
A source quoted by the ABC said that some private details, such as dates of birth and dates of enlisting, may have been compromised for members who were using ForceNet from 2018.
Writing in an email to staff, Defence officials said that the matter was being taken “very seriously” and that the department is “examining the contents of the 2018 ForceNet dataset and what personal information it contains.”
ADF authorities are contacting members to let them know about the breach and what actions to take – including suggestions to change passwords and adopt two-factor authentication.
“We haven’t seen any evidence of that information being made available to anyone as a result of that attack,” Minister for Defence Personnel Matt Keogh said at a press conference this week, “but we just want to make sure that all Defence staff and personnel remain vigilant.”
Defence personnel are being connected with “an external provider” to support them in protecting their identity documents and personal information.
“The Australian government is quite concerned about this sort of cyber activity that’s occurring, people seeking through nefarious means to get access to others’ personnel data as a way of trying to steal identities and swoop people’s identification.”
Targeted compromise, sensitive targets
October may have been officially designated as worldwide Cyber Security Awareness Month, but in recent weeks the public has been made aware of cyber security for reasons never anticipated by organisers or authorities.
The ForceNet breach follows a spate of high-profile incidents over the past month, including recent revelations that customer data had been stolen from a Shangri-La hotel in Singapore where Australian Minister for Defence Richard Marles was among the guests staying for high-level talks with China.
In mid-October, it was revealed that the identities of Australian Federal Police (AFP) secret agents – who have been working with Colombian authorities to identify and stop drug importation to Australia – were also compromised as part of 5 terabytes of data stolen in a recent data breach.
Sensitive identity details are a potentially valuable target for cybercriminals and nation-state actors, who waste no opportunity to leverage the spoils of their attacks for nefarious gain.
In recent weeks, Australian cyber security and law enforcement authorities have pushed to contain the fallout from the recent breaches of 4 million Medibank customers, 2.2 million customers of Woolworths subsidiary MyDeal, and nearly 10 million Optus customers.
Whether the ForceNet compromise was the result of a scattershot malware campaign or a targeted campaign by cybercriminals remains to be seen.
The breaches have forced a reckoning for Australian company executives, who are the world’s least aware of cyber security issues, have struggled to professionalise their work, and only seem to be upping their game in the face of government threats to boost penalties for data breaches to as much as $50 million.