The ACT Government is currently responding to a security breach that has affected Barracuda, an e-mail gateway system that supports some ACT Government ICT systems.
Barracuda identified a vulnerability in their Email Security Gateway and issued a public vulnerability notification on 24 May.
As part of our routine cyber security measures, the ACT Cyber Security Centre discovered the public notification and investigated.
The potential vulnerability was detected as being present and the ACT Cyber Security Centre immediately completed a rebuild of the impacted Barracuda system to eliminate any ongoing vulnerability.
The investigation has now identified that a breach has occurred and a harms assessment is underway to fully understand the impact specific to our systems, and importantly to the data that may have been accessed.
We are confident that actions taken to date have contained the breach and that there is no ongoing threat. Canberrans can continue to use ACT Government online systems with confidence.
The ACT Cyber Security Centre has stood up the Cyber Incident Management Team and is working with the Australian Cyber Security Centre and Barracuda Networks on the ongoing investigation.