Defence Industry Minister Christopher Pyne says the government can't be blamed for the sloppy cyber security of its sub-contractor that led to hackers stealing 30 gigabytes of commercially-sensitive data.

So lax were the security measures employed by the defence sub-contractor – a small aerospace engineering firm with about 50 employees – that it used default logins and the passwords "admin" and "guest".

Details of the hacking were revealed at a conference on Wednesday by Australian Signals Directorate manager Mitchell Clarke, who described the data breach as "extensive and extreme".

A "significant" amount of data was stolen over four months in 2016, including sensitive information about Australia's $14 billion Joint Strike Fighter program, our next fleet of spy planes, and several naval warships.