Austal breach: Defence says no sign classified data compromised

Shipbuilder says it won’t give in to extortion demands by hacker

The Department of Defence says that so far investigations into a cyber security breach at shipbuilder Austal have not identified any compromise of classified or sensitive information or technology.

In a statement released yesterday to the ASX, Austal said that its management systems had been breached “by an unknown offender”.

The company said it referred the matter the Australian Cyber Security Centre (ACSC) and the Australian Federal Police.

Austal said its IT team had implemented additional security measures and that it had informed a “small number of stakeholders who were potentially directly impacted”.

“No company wants to lose control of its information, but there is no evidence to date to suggest that information affecting national security nor the commercial operations of the company have been stolen: ship design drawings which may be distributed to customers and fabrication sub-contractors or suppliers are neither sensitive nor classified,” the company’s statement said.

Austal said that some staff contact details were accessed in the breach.

“Following the breach the offender purported to offer certain materials for sale on the internet and engage in extortion,” Austal said. “The company has not and will not respond to the extortion attempts.”

“Defence and the ACSC have provided cyber security assistance to Austal and are working with Austal to assess and mitigate harm,” Defence’s statement said.

“The Government will continue to actively deter and respond to malicious cyber activity, and any impact it may have on Australia.

“As this matter is still being investigated by the AFP and the ACSC, it would be inappropriate to comment further.” 

Austal describes itself as Australia’s largest defence exporter and the only ASX-listed shipbuilder.