Blueprints for ASIO's new $631 million building were stolen by someone in China when a computer system containing the information was hacked.
According to a report by the ABC's Four Corners, the blueprints included floor plans and the locations of communications cabling, servers and security systems.
The theft of the blueprints occurred after hackers mounted a cyber attack on a contractor involved with building the new headquarters. They were reportedly traced to a server in China.
The incident, which has renewed calls for government agencies to make mandatory disclosures in the event they are hacked, is partly responsible for continuing delays in opening the new ASIO building, which was meant to have been operational last month, Four Corners reported.
Costs have so far blown out by $171 million and it will not open until the latter half of this year.
The lead contractor is Bovis Lend Lease, but there is no suggestion it was the organisation hacked.
The departments of prime minister and cabinet, defence, tourism and foreign affairs and trade - home of Australia's overseas intelligence agency ASIS - have also been hacked, according to the program.
Attorney-General Mark Dreyfus declined to comment.
The cyber attack targeting the Department of Foreign Affairs and Trade reportedly involved the theft of a highly sensitive document by a foreign power.
A source told the program a Chinese foreign intelligence service was behind the hacking.
A separate source said that hackers had also accessed classified emails on the Defence Department's restricted network, which connects the entire Australian military.
A separate attack on the Defence Department involved an employee sending a highly classified document from his desk computer to his home email account.
Hackers had targeted the officer's home computer, allowing a copy of the document to be sent back to China once opened at home.
The hacking incidents, which are largely shrouded in secrecy, have reopened the debate on whether the government should impose mandatory data breach disclosure laws on organisations that have had a data breach.
A proposal for mandatory disclosure laws was included in a discussion paper released by former attorney-general Nicola Roxon in October 2012.
The discussion paper talks about organisations, companies and government agencies being forced to disclose breaches.
Alastair MacGibbon, a former Australian Federal Police officer who established its high-tech crime centre, said mandatory disclosure was necessary.
Four Corners also reported that Codan, a defence contractor based in Adelaide that designs and builds communications equipment for radio, satellite and metal detection applications, had also been targeted.
A spokesman for the company said it had beefed up its security.
Know more? firstname.lastname@example.org
This reporter is on Facebook: /bengrubb
Sign up for our newsletter to stay up to date.