The Australian Federal Police (AFP) has launched an investigation into a massive data breach at telecommunications giant Optus after hackers put the personal information of up to 9.8 million Australians up for sale.
On September 26, AFP announced that it had created Operation Hurricane to track down the culprits behind cyberattacks and prevent victim impersonation.
the agency said statement He was aware of the sale of stolen information and had diverted considerable resources into the investigation.
Cyber Command deputy director Justine Gough said the investigation would be a very complex and time-consuming process, but AFD specializes in such types of investigations.
“We are aware of reports that stolen data is being sold on the dark web, and that is why AFP monitors the dark web using the capabilities of various experts.” she said.
“Criminals who use pseudonyms and anonymization techniques cannot see us, but I would say we can see them.”
AFP also said it was working closely with the Australian signal agency, overseas police and Optus during the investigation.
At the same time, Gough said Optus customers should be aware of unsolicited texts, emails and phone calls following the Optus data breach.
“AFP is working hard to educate communities and businesses on how to improve their online security, because ultimately it’s our job to protect Australians and our way of life. ‘ she said.
Following the data breach, law firm Slater and Gordon Lawyers is considering the possibility of filing a class action lawsuit against Optus on behalf of former and current clients.
Class action senior associate Ben Zocco said vulnerable people, such as survivors of domestic violence and stalking victims, could be put at risk by the leaked information.
He added that while some customers may face less severe consequences, stolen data could easily lead to identity theft.
Earlier on Sept. 27, hackers exposed the personal information of more than 10,000 people on a popular online data breach forum and demanded a ransom of $1 million from Optus within seven days, purporting to release 10,000 records daily. threatened. Australian person report.
However, they later appeared to have deleted the original post, declaring that the data would not be sold to anyone.
“Too many eyes. We will not sell our data to anyone. [sic] If you want to delete data from the drive privately (copy only),” a supposed hacker said, Australian person.
“sorry [sic] 10,200 Australian whos data exposed.
“Ransomware is not paid [sic] but we don’t [sic] I don’t care anymore It was a mistake to scrape public data in the first place. ”
The exposed personal information was found to include data such as names, email addresses, addresses, passport numbers, driver’s license numbers, dates of birth and, in some cases, Medicare numbers.