The ASD codenamed the hacker "Alf", a character played by Ray Meagher on Home and Away, Mr Clarke told the Australian Information Security Association conference.
The haul included commercially sensitive data - but not classified - on military equipment like the F-35 Joint Strike Fighter, P-8 Poseidon surveillance plane and C-130 transport plane was stolen, along with information on "a few Australian naval vessels".
Pyne said that the incident was "reminder to everyone in the industry and the government" to take cyber security seriously but said holding the government responsible for the breach was a "stretch".
"While the Australian company is a national security-linked contractor and the information disclosed was commercially sensitive, it was unclassified".
The breached Department of Defence contractor is an aerospace engineering firm with 50 employees.
Clarke told the conference that "the compromise was extensive and extreme".
About 30 gigabytes of data was stolen in the cyber attack, including details of the Joint Strike Fighter warplane and P-8 Poseidon surveillance plane, according to a presentation on the hack by a government official.
Mr Tehan said it was unclear who launched the incursion, but the Government was not ruling out a foreign government.
Trump says likely to sign new healthcare order this week
The association health plans could be sold in a state that doesn't require policies to provide as many benefits as other states. But the new Obamacare website was not working well, and people with canceled plans were having trouble buying new ones.
"To the point where we found one document where it was a diagram of one of the navy's new ships, and you could zoom in down to the captain's chair and see it is one metre away from the nav chair", he said.
Australia has agreed to buy 72 Lockheed Martin Corp Joint Strike Fighter planes.
Clarke described the hack as "a very good exfil [exfiltration] for the actor". When BuzzFeed News sought a copy of the presentation directly from the department, a spokesperson for the Australian Cyber Security Centre provided a long response stating the data was not classified, without directly responding to the request.
The username and password combination used to access the company's system was the default "admin" and "guest".
"I don't know who did it.it could be one of a number of different actors".
The attack on the defence contractor was carried out by a "malicious cyber adversary", it said.
'There's no way this one IT person could have done everything perfectly across the whole domain, ' said Mr Clarke.
The breach began in July past year, but the Australian Signals Directorate (ASD) was not alerted until months later in November. The company rang both the ASD and CERT hotlines but both organisations said they were not aware that their representatives were approaching the company.