The ACT Government continues to respond to a security breach that has affected Barracuda, an e-mail gateway system that supports some ACT Government ICT systems.
Cyber security investigations are complex and often take some time. Following an initial harms assessment, our investigation will now be undertaken in a phased way to allow a thorough analysis and the appropriate prioritisation of next steps.
There continues to be no requirement for any action by the community at this stage.
Phase 1 – Complete
The following steps have been taken as part of Phase 1.
- Isolation & rebuild of the affected system
The ACT Cyber Security Centre immediately isolated and replaced the Barracuda system eliminating any ongoing vulnerabilities.
- Initial Assessment
An initial assessment was undertaken via our Chief Information Officer Network to identify the systems in ACT Government that interact with the Barracuda system.
- External Expertise
The ACT Cyber Security Centre has engaged the Australian Cyber Security Centre (ACSC), and external Cyber Security experts to assist with the response including doing regular checks, on our replacement system and our systems more broadly.
Following the completion of Phase 1 we can confirm that there continues to be no definitive evidence of any information being removed or misused from our systems. No customers of Barracuda affected by the breach worldwide have been contacted by the threat actor.
Phase 2 – Underway
The completion of phase 1 has identified the breadth and complexity of the work required in phase 2. This phase includes;
- Thorough analysis of identified systems and impacts
With the completion of phase 1 identifying the systems that have the ability to interact with the Barracuda system, we are now working to assess each individual system and the scope of information that may have been exposed. In order to move through this phase as quickly as possible we are also engaging external support.
Phase 3
Phase 3 will outline the recommended risk-based actions that the community could take following completion of the exhaustive analysis we will undertake in Phase 2.
Given the complexity of Phase 2, it is expected that it will now be several weeks before we have meaningful information to pass on. We remain committed to providing this information via the Access Canberra website and will deliver our next update as the information becomes available.
With many types of cyber crime it is often not possible to identify all information that may have been compromised. This, combined with information that many of us are sharing online via social media means that taking precautions to protect our personal information is now more important than ever.
There are many ways that information can be compromised online. We encourage you to visit Cyber.gov.au, which has extensive information on how to protect your information online, how to recognise and report issues and how to respond if you are concerned your information has been compromised.
Further updates will be provided via www.accesscanberra.act.gov.au.