Following the recent Optus data breach, the AFP announced that it will be working with overseas law enforcement under Operation Hurricane to identify the offenders behind the attack.
Now, Operation Guardian has been launched to ensure an effective and collaborative approach to protecting Optus customers.
What is Operation Guardian?
Under the AFP-led JPC3, which is a joint partnership between law enforcement, the private sector and industry to combat the growing threat of cybercrime, Operation Guardian will focus on protecting the more than 10,000 customers whose identification credentials have been unlawfully released online under the Optus data breach. Key measures involved in the operation include:
- Identifying the individuals across Australia now at risk of identity fraud and alerting industry to enable further protection for those members of the public.
- Monitoring online forums, the internet and the dark web for other criminals trying to exploit the personal information released online.
- Engaging with the financial service industry to detect criminal activity associated with the data breach.
- Analysing trends from ReportCyber to determine whether there are links between individuals who have been exploited.
- Identifying and disrupting cybercriminals.
Multi-jurisdictional and multi-layered protection
The JPC3 will use collective legislative powers, experience, investigative and intelligence capabilities of all Australian policing jurisdictions, including all State and Territory Police.
It will also collaborate with the Australian Cyber Security Centre and other industry partners including IDCARE, Australian banks, the Australian Banking Association, and the Customer Owned Banking Association.
“Australian law enforcement agencies are working together and with industry partners to actively monitor any subsequent misuse of the data,’’ said AFP Assistant Commissioner Cyber Command Justine Gough.
“Operation Guardian should send a clear warning to cybercriminals. The AFP, state and territory police plus other agencies through the JPC3 have a laser-like focus, plus a significant number of resources and legislative powers, to identify cybercrime targets”, Assistant Commissioner Gough said.
What is the threat?
Assistant Commissioner Gough advised that Australian law enforcement are aware of current criminal activity attempting to target and exploit current and former Optus customers that have been impacted by the data breach.
While a post on an online forum advertising the stolen data for sale has already been removed, other criminals may have access to the data. There are reports that sophisticated scammers are contacting Optus customers via phone, email and text to get further personal information which may be used to commit fraud.
All partners involved in Operation Guardian are advising members of the public, especially Optus customers, to be extra cautious about unsolicited contact, including if the contact is about the breach itself. For example, a scammer may claim to be from Optus, the police, a bank or another organisation, and offer to “help” a potential victim with the data breach.
Key takeaways
Operation Hurricane has been established under the AFP-led JPC3 to provide multi-jurisdictional and multi-layered protection to Optus customers, following the recent data breach. While Australian law enforcement and partner agencies will be working closely together to protect the Australian public, and to identify and disrupt cybercriminals, it is still critical for individuals to remain vigilant about any unsolicited contact.