An investigation into a cyberattack that crippled government services has discovered circumstantial evidence that personal data may have been exfiltrated.

David Burt, the Premier, said it was still not clear if personal information held on the Government’s computer systems had been obtained by the hackers, but that the investigation was now “working on that assumption”.

At a press conference yesterday, the Premier said: “The forensic review of the attack and its impact continues, but there has not been a forensic confirmation of the exfiltration of data.

“Notwithstanding the fact that this has not been forensically confirmed, there is circumstantial evidence that data may have been taken, and we’re working on that assumption with the Government’s privacy team to ensure that impacted parties can be notified.”

Mr Burt declined to provide details of the extent or nature of any personal information that may have been exposed to the hackers.

He said: “With these investigations the one thing that is important is that you only state what you know definitively. And as part of this you look into gathering any forensic evidence that you can point to and say that exfiltration did take place.

“We have been unable to determine that. However, from the research and the investigation from the teams, there did seem that there was an ability for the attackers to do that from some things which we have found.

“We have not been able to confirm that, but they did have the ability to do so, and so we are proceeding upon the basis, understanding which files may have been accessed, and working with the Government’s privacy team to ensure that appropriate notifications are made to parties who may be affected.

“We do not have confirmed forensic evidence that exfiltration took place. We are operating under the assumption that we’ve discovered that this capability may have been there. We’re going with an abundance of caution.

Mr Burt repeatedly refused to confirm if the hackers had sent the Government a ransom note or provide any other details about the attack.

He did say that once services had been resumed, a parliamentary committee will be formed to investigate all aspects of the attack.

Questioned by reporters, he said: “I will only repeat the answers I gave to you before, that we are focused on working with our cybersecurity access, law enforcement to make sure that we continue to secure our systems. It’s an ongoing, active investigation and it would not be prudent for us to comment on these matters at this time.

“All those things will be transparently disclosed when there’s an inquiry and I know that persons want to get that information, but it’s important that we focus on the restoration efforts and the security efforts before we start disclosing various factors.

“There are many types of speculation as to what may or may not have happened but what I’m going to say is the position of which I stated previously. There’s no way that we can comment on any specifics dealing with these particular matters.”

“It was vital that we did not share information that would incentivise our attackers, who we had to assume were always watching and listening, and compromise our restoration efforts.

“Once our systems are fully restored and services have returned to normal operations, the Government will initiate a full inquiry into the matter.

“In my view the best place for this to be will be via the parliamentary process so that government backbenchers and opposition members are able to participate.

“I will discuss this with the Speaker of the House and the Leader of the Opposition and work with them to establish an appropriate parliamentary committee to look into this matter.”

Michael Weeks, the Minister of National Security, who also attended the press conference, confirmed that police were in contact with him daily to provide updates on the investigation. When pressed, the minister refused to provide any details of those updates.

Mr Burt said that it was hoped there will be “full system restoration” by the end of this week.

He listed a number of government departments that had had their IT systems restored since he gave his last update, including the departments of Immigration and Planning, and the Post Office. Systems at LF Wade International Airport are also now operational, and government cashiers can now accept credit card payments.

He said: “A critical department that has not been fully restored is the Attorney-General’s Chambers and the legislative drafting to ensure that we can continue to draft legislation and orders.

“A further matter that I know that they’re hoping to get up today or tomorrow is the court recording system.

Describing the attack as “sophisticated” and “malicious”, Mr Burt said that the Government had been working on “enhancing” its security systems just before the hackers struck.

He said: “The team at Information and Digital Technologies were in the process of implementing new monitoring tools to gain insights into our IT infrastructure.”

He added that technical officers had recently completed a full risk assessment of government systems and had developed a security plan.

He said: “In the wake of this attack, our teams within IT have implemented new tools to further strengthen our security posture to greatly reduce the possibility of such an incident happening in the future.”