Federal and state authorities have set up a new operation aimed at protecting the identities of 10,200 Optus customers whose details were published to an online forum following a massive data breach.
Operation Guardian, launched Friday, covers “the Australian Federal Police, all state and territory Police, the Australian Cyber Security Centre (ACSC), the Australian Banking Association (ABA), IDCARE and the Customer Owned Banking Association”.
The formation of ‘Operation Guardian’ appears to confirm the veracity of customer records that were published online by the alleged attacker as part of an extortion attempt.
A forum user threatened to drip-feed stolen details online while a ransom was unpaid.
One file was published, only to be removed, along with the threats to publish more - shortly after, though not before being accessed and analysed by users of other internet forums, which iTnews has chosen not to name or link to.
Analysis of the file showed the extent of data fields that had been breached.
There has been much speculation since then, inside and outside of cyber security circles, as to what led the forum user to suddenly change their mind.
Operation Guardian appears to confirm what other internet users suspected though - that the leaked file of 10,200 records is genuine.
“The AFP and state and territory police have set up Operation Guardian to supercharge the protection of more than 10,000 customers whose identification credentials have been unlawfully released online under the Optus data breach,” the agencies said in a statement.
“Customers affected by the breach will receive multi-jurisdictional and multi-layered protection from identity crime and financial fraud.
“The [10,200] individuals, who potentially had 100 points of identification released online, will be prioritised.”
Under Operation Guardian, agencies will work to identify all the impacted customers and “alert industry to enable further protection for those members of the public”.
They will also monitor for specific exploitation of this information, and work with the financial sector “to detect criminal activity associated with the data breach”.
AFP assistant commissioner cyber command Justine Gough said while the online forum post advertising the stolen data for sale had been removed, “other criminals may have access to some, or all, of the data.”
“Australian law enforcement are aware of current criminal activity attempting to target and exploit impacted Optus customers that have been the subject of this data breach,” Gough said.
More than an email
Home Affairs and cyber security minister Clare O'Neil said on Sunday that part of the AFP's work would involve directing Optus to properly inform people they are part of the 10,200.
She indicated that so far, the 10,200 people had been notified only via email, and said she had expressed dissatisfaction with that approach directly to Optus CEO Kelly Bayer Rosmarin on Sunday morning.
"I gave very clear feedback to Optus that an email was not going to cut it here," O'Neil said.
"An email is simply not sufficient under these circumstances. We are going to need to go through a process of directly speaking with those 10,200 individuals, and Optus needs to take up the mantle here to make sure that people are aware when they are directly at risk, as those people are.
"I've talked to the AFP commissioner a number of times this morning and I've asked the two organisations to liaise to agree on what additional communication efforts need to be taken with regard to those specific people.
"I have no doubt Optus will be keenly ensuring that further communications are undertaken."
Updated 2/10 with details from a weekend press conference.
