The breach occurred in July 2016 and the Australian Signals Directorate found out about it from "a partner organisation", in November that year.
ASD incident response manager Mitchell Clarke told a conference in Sydney yesterday that the 30Gb of data that was stolen included information about the F-35 joint strike fighter and warships, according to Fairfax Media.
The aerospace engineering firm in question had an IT department consisting of just one person who had been working there for nine months.
He said the data stolen included information on "the [F-35] Joint Strike Fighters, the C-130, the P-8 Poseidon, the JDAM — that's a smart bomb — and a few Australian naval vessels".
The Poseidon is a spy plane which Australia has bought.
The data was not classified but was commercially sensitive in nature, according to the Australian Cyber Security Centre.
Clarke said the incident response team was "getting busier and busier as time goes on and we have less and less people so it's getting difficult for us and we're seeing I guess a really large workload".