"I don't think you can try and sheet blame for a small enterprise having lax cyber security back to the federal government".
Clarke said the incident response team was "getting busier and busier as time goes on and we have less and less people so it's getting hard for us and we're seeing I guess a really large workload".
Pyne said that the breach did not poorly reflect on the government or on standards it imposed on suppliers to defence contracts.
Bill Shorten says he's lost for words over the breach.
Sensitive information about Australia's defence programmes has been stolen in an "extensive" cyber hack.
"It included information on the (F-35) Joint Strike Fighter, C130 (Hercules aircraft), the P-8 Poseidon (surveillance aircraft), joint direct attack munition (JDAM smart bomb kits) and a few naval vessels".
Another document was a wireframe diagram of one of the Australian navy's new ships, where a viewer could "zoom in down to the captain's chair". He said the organisation only had one IT person and that person had only been in the job for a short while.
European Union tightens sanctions on N. Korea in line with United Nations resolution
In July, Hawaii became the first state to announce a public campaign urging those living there to prepare for a nuclear attack . However, it mentioned concerns over the current missile tests being launched by Kim Jong-Un in North Korea .
The admin password, to enter the company's web portal, was "admin" and the guest password was "guest".
The culprit used a tool called "China chopper" that is reportedly used by Chinese hackers, Mr Clarke said.
"It could be one of a number of different actors", Defence Industry Minister Christopher Pyne told the Australian Broadcasting Corp on Thursday.
"South Australia has a strong Defence industry, and QinetiQ's new office demonstrates their confidence in and commitment to Australia and Australian jobs", Pyne said.
Speaking to ABC Radio National Breakfast, Pyne also confirmed that the Australian Signals Directorate (ASD) and CERT Australia had been tipped off to the breach "by a prime" contractor to Defence. Clarke said that this would have made it easier for the hacker to access all the sensitive data on the firm's servers, because the firm used common username and passwords on every machine in the firm, and once it had the initial passwords, that was all it needed.
Mr Tehan said it was unclear who launched the incursion, but the Government was not ruling out a foreign government.
"If we got lucky this time, and it was only sensitive information, not even more significant information, we need to make sure there is no next time, the government needs to wake up to itself, start taking its responsibility seriously and start protecting sensitive defence information".