Personal details of Australia Capital Territory government information potentially exposed in security breach

An ongoing investigation is being conducted to determine the extent of a data breach that potentially exposed personal and government information, following a notification by Barracuda Networks.

The email gateway system used by the Australia Capital Territory (ACT) Government was one of the vulnerable models of Barracuda.

While the impacted system has been rebuilt to eliminate the vulnerability, the full scope of the breach and potential damage is still unclear, as authorities work to assess the information that may have been accessed during the period the vulnerability existed - in a period from October 2022 to May 2023.

There is a strong likelihood of a breach, the identity of the responsible party remains unknown, and investigations are underway by the ACT Cyber Security Centre, in collaboration with the Australian Cyber Security Centre and Barracuda Networks, to determine the extent of the breach and any potential access to personal information.

The investigation focuses on automated emails that may have contained subsets of personal data.