Australian Information Security Incident Reported: March 04 2020

Australian Cyber Attack March 2020: Fears private details of Australian Defence Force members compromised in database hack

A highly sensitive military database containing the personal details of tens of thousands of Australian Defence Force (ADF) members was shut down for 10 days due to fears it had been hacked.

Source: Fears private details of Defence Force members compromised in database hack | ABC News (Australia)
More reports from: ABC News (Australia).

New Report March 05: Citrix bug forced Defence to pull recruitment database offline | iTnews
Concerns over a critical Citrix vulnerability that first emerged in December forced the Department of Defence to pull its Defence Force Recruiting Network (DFRN) offline for ten days last month.

But the database containing the personal details of recruits, which has since been given a clean bill of health, was only shut down a month after the potential flaw was originally discovered.

Original Report —————————————————————————————–
The ABC can reveal Defence Force Recruiting’s outsourced electronic records system was taken offline and quarantined from other military networks in February, while IT specialists worked to contain an apparent security breach.

Since 2003, the Powerforce database has stored sensitive information about ADF recruits, under a contract awarded to the ManpowerGroup company.

Details stored on the online system include medical exams, psychological records and summaries of initial interviews with potential recruits.

The Defence Department acknowledged a “potential security concern” but suggested an investigation found there was no evidence of data being stolen.

Liberal MP Andrew Hastie is among tens of thousands of serving ADF members and veterans whose personal details are stored in the Powerforce database.

“Our government and defence networks should be fortresses — no breach can be considered small,” the Liberal MP said.