The ForceNet service, one of the external providers that the defence department contracts to run one of its websites, has come under attack, but so far, no data have been compromised, assistant minister for defence Matt Thistlethwaite said.

“I want to stress that this isn’t an attack or a breach on defence (technology) systems and entities,” Thistlethwaite told ABC Radio.

“At this stage, there is no evidence that the data set has been breached, that’s the data that this company holds on behalf of defence”.

However, some private information such as dates of birth and enlistment details of military personnel may have been stolen, the Australian Broadcasting Corp reported, citing an unidentified source with knowledge of the investigation.

Thistlethwaite said the government will view the incident “very seriously” and all defence personnel have been notified, with suggestions to consider changing their passwords.

A defence department spokesman told Reuters in an emailed statement that the department was examining the contents of the impacted data set and what personal information it contained.

Ransom software works by encrypting victims’ data and hackers typically will offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars.

Some of Australia’s biggest companies, including second-ranked telecoms company Optus, owned by Singapore Telecommunications, and the country’s biggest health insurer, Medibank, have had data hacked recently, likely exposing the details of millions of customers.

Technology experts said the country has become a target for cyberattacks just as a skills shortage leaves an understaffed, overworked cybersecurity workforce ill-equipped to stop it.