The ACT government revealed it is responding to a security breach in the e-mail gateway system provided by Barracuda with the potential of personal information being impacted.

By

Regional Editor for Australia and New Zealand,

CSO |

The Australian Capital Territory government is one of the victims of a vulnerability found in Barracuda’s email security gateway (ESG). In a press conference on 8 June, ACT government chief digital officer Bettina Konti said there is a likelihood that some personal information is involved but the harms assessment needs to completed for that to be clear.

Barracuda had first identified the CVE-2023-2838 vulnerability on 19 May issuing a patch worldwide on 20 May followed by a second patch on 21 May. A few days later, on 30 May, the vendor revealed the earliest identified evidence of exploitation took place in October 2022.

Two days before the ACT government had revealed to be responding to a security breach, Barracuda posted a warning that impacted appliances must be replaced immediately. The vulnerability existed in a module which initially screens the attachments of incoming emails.

ACT government response to security breach

Once the territory government detected the vulnerability the ACT Cyber Security Centre immediately completed a rebuild of the impacted Barracuda system to eliminate any ongoing vulnerability, the ACT government revealed in a statement. “The investigation has now identified that a breach has occurred and a harms assessment is underway to fully understand the impact specific to our systems, and importantly to the data that may have been accessed.”

The territory government is confident that actions taken to date have contained the breach and that there is no ongoing threat, and instructed citizens can continue to use ACT Government online systems with confidence.

The ACT government is working with the Australian Cyber Security Centre and Barracuda Networks on the ongoing investigation.

Weekly updates are expected to be shared in a page dedicated to the incident.

With years of experience covering technology and business across the IT channel, Samira Sarraf managed the enterprise IT content at and wrote for the CIO.com, CSO Online, and Computerworld editions in Australia and New Zealand. She is now an editor with CSO Online global.

Copyright © 2023 IDG Communications, Inc.