Select the directory option from the above "Directory" header!

ACT government falls victim to Barracuda’s ESG vulnerability

ACT government falls victim to Barracuda’s ESG vulnerability

The ACT government revealed it is responding to a security breach in the e-mail gateway system provided by Barracuda with the potential of personal information being impacted.

Credit: mark higgins / Shutterstock

The Australian Capital Territory government is one of the victims of a vulnerability found in Barracuda’s email security gateway (ESG) system. In a press conference on 8 June, ACT government chief digital officer Bettina Konti said there is a likelihood that some personal information is involved. However, a harms assessment needs to be completed before the likelihood is confirmed.

Barracuda had first identified the CVE-2023-2838 vulnerability on 19 May issuing a patch worldwide on 20 May, followed by a second patch on 21 May. Then, on 30 May, the vendor revealed the earliest identified evidence of exploitation took place in October 2022.

Two days before the ACT government had revealed the security breach, Barracuda posted a warning that impacted appliances must be replaced immediately. The vulnerability existed in a module which initially screens the attachments of incoming emails.

ACT government response to security breach

Once the territory government detected the vulnerability, the ACT Cyber Security Centre immediately completed a rebuild of the Barracuda system to eliminate any ongoing vulnerability, the ACT government said in a statement.

“The investigation has now identified that a breach has occurred and a harms assessment is underway to fully understand the impact specific to our systems, and importantly to the data that may have been accessed,” the territory government said.

The government added is confident that actions taken to date have contained the breach and that there is no ongoing threat, and instructed citizens can continue to use ACT Government online systems with confidence.

The ACT government is working with the Australian Cyber Security Centre and Barracuda Networks on the ongoing investigation.

Weekly updates are expected to be shared in a page dedicated to the incident.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags ACT government

Show Comments