The Department of Defence fears the personal data of personnel, such as dates of birth, may have been compromised after a communications platform used by the military was hit by a ransomware attack.
Hackers have targeted the ForceNet service, which is run by an external information and communications technology (ICT) provider, with the company initially telling Defence no data of current or former personnel appeared to have been compromised.
However, a source with knowledge of the investigation said Defence believed some private details such as dates of birth and dates of enlisting may have been stolen, despite early indications to the contrary from the external provider.
In a message to all staff, the defence secretary and defence chief said the matter was being taken "very seriously".
There has been a spate of cyber attacks in recent weeks, from telecommunication companies to health insurers.
Medibank last week confirmed a criminal entity behind the cyber attack on the company had access to the data of at least 4 million customers, some of which included health claims.
A month earlier, Optus announced a cyber attack had exposed the data of almost 10 million Australians, with significant amounts of data stolen from 2.8 million people.
Minister for Defence Personnel Matt Keogh said ForceNet held up to 40,000 records.
"I think all Australians, and rightly the Australian government, is quite concerned about this sort of cyber activity that's occurring, people seeking through nefarious means to get access to others' personal data," he said.
In their email to staff, the Defence bosses were adamant the hack of ForceNet was not an attack on the department's IT systems.
"We are taking this matter very seriously and working with the provider to determine the extent of the attack and if the data of current and former APS [Australian public service] staff and ADF personnel has been impacted," they wrote.
"If you had a ForceNet account in 2018, we urge you to be vigilant but not alarmed.
"Initial discussions with the service provider indicate there is no evidence that the data of current and former APS staff and ADF personnel has been compromised.
"We are nevertheless examining the contents of the 2018 ForceNet dataset and what personal information it contains."
The note to staff warned that Defence expected the frequency, intensity and sophistication of hacks to grow with time. It reminded staff they were not immune from attacks.
Assistant Minister for Defence Matt Thistlethwaite said the attack was being taken "very seriously", with the ADF in the process of contacting members.
"They're suggesting considering changing passwords and moving to two-factor authentication and the like, but importantly, the aim will be to support ADF personnel," he said.
"There is no evidence of a dataset being breached at this stage."