The ACT Government is responding to a security breach that affected Barracuda, an e-mail gateway system that supports some ACT Government ICT systems, Chris Steel, ACT Special Minister of State, said.
Barracuda identified a vulnerability in their Email Security Gateway, and issued a public vulnerability notification on 24 May.
As part of its routine cyber security measures, the ACT Cyber Security Centre discovered the public notification and investigated.
The potential vulnerability was detected as being present, and the ACT Cyber Security Centre immediately rebuilt the impacted Barracuda system to eliminate any vulnerability.
The investigation has now identified that a breach has occurred. A harms assessment is underway to fully understand how the ACT Government systems and data were impacted.
“We are confident that actions taken to date have contained the breach and that there is no ongoing threat,” Mr Steel said. “Canberrans can continue to use ACT Government online systems with confidence.”
The ACT Cyber Security Centre has stood up the Cyber Incident Management Team, and is working with the Australian Cyber Security Centre and Barracuda Networks on the ongoing investigation.
“This incident is a reminder for everyone in the community to be vigilant about their personal cyber security, including monitoring their personal information online for any suspicious activity,” Mr Steel said.
More information on tools and advice can be found on the accesscanberra.act.gov.au or cyber.gov.au websites.
The ACT Government will update the public on this matter weekly. Information can be found at accesscanberra.act.gov.au.