The ASD codenamed the hacker "Alf", a character played by Ray Meagher on Home and Away, Mr Clarke told the Australian Information Security Association conference.
The haul included commercially sensitive data - but not classified - on military equipment like the F-35 Joint Strike Fighter, P-8 Poseidon surveillance plane and C-130 transport plane was stolen, along with information on "a few Australian naval vessels".
Pyne said that the incident was "reminder to everyone in the industry and the government" to take cyber security seriously but said holding the government responsible for the breach was a "stretch".
"While the Australian company is a national security-linked contractor and the information disclosed was commercially sensitive, it was unclassified".
The breached Department of Defence contractor is an aerospace engineering firm with 50 employees.
Clarke told the conference that "the compromise was extensive and extreme".
About 30 gigabytes of data was stolen in the cyber attack, including details of the Joint Strike Fighter warplane and P-8 Poseidon surveillance plane, according to a presentation on the hack by a government official.
Mr Tehan said it was unclear who launched the incursion, but the Government was not ruling out a foreign government.
Vipshop Holdings Limited (VIPS) Downgraded by BidaskClub to "Strong Sell"
It turned negative, as 89 investors sold QCOM shares while 481 reduced holdings. 49 funds opened positions while 94 raised stakes. The current Wall Street consensus is expecting Vipshop Holdings Limited (NYSE: VIPS ) to report EPS of $N/A for the quarter.
"To the point where we found one document where it was a diagram of one of the navy's new ships, and you could zoom in down to the captain's chair and see it is one metre away from the nav chair", he said.
Australia has agreed to buy 72 Lockheed Martin Corp Joint Strike Fighter planes.
Clarke described the hack as "a very good exfil [exfiltration] for the actor". When BuzzFeed News sought a copy of the presentation directly from the department, a spokesperson for the Australian Cyber Security Centre provided a long response stating the data was not classified, without directly responding to the request.
The username and password combination used to access the company's system was the default "admin" and "guest".
"I don't know who did it.it could be one of a number of different actors".
The attack on the defence contractor was carried out by a "malicious cyber adversary", it said.
'There's no way this one IT person could have done everything perfectly across the whole domain, ' said Mr Clarke.
The breach began in July past year, but the Australian Signals Directorate (ASD) was not alerted until months later in November. The company rang both the ASD and CERT hotlines but both organisations said they were not aware that their representatives were approaching the company.