Optus

The Australian Federal Police (AFP) announced today the launch of Operation Guardian to ensure that more than 10,000 customers who had their info leaked in the Optus data breach will get priority protection against fraud attempts.

This operation was set up under the Joint Policing Cybercrime Coordination Centre (JPC3), a partnership that allows law enforcement, the private sector, and industry to join efforts and fight cybercrime.

Throughout Operation Guardian, JPC3 members can use the full and collective legislative powers, as well as the investigative and intelligence capabilities, of all Australian policing jurisdictions to help boost the breach victims’ protection against fraudsters.

“The AFP and state and territory police have set up Operation Guardian to supercharge the protection of more than 10,000 customers whose identification credentials have been unlawfully released online under the Optus data breach,” the AFP said.

“Customers affected by the breach will receive multi-jurisdictional and multi-layered protection from identity crime and financial fraud. The 10,000 individuals, who potentially had 100 points of identification released online, will be prioritised.”

As the AFP explained, Operation Guardian will focus on multiple measures that would help shield affected customers, including:

  • Identifying the 10,000 individuals across Australia now at risk of identity fraud and alerting industry to enable further protection for those members of the public,
  • Monitoring online forums, the internet, and the dark web for other criminals trying to exploit the personal information released online,
  • Engaging with the financial service industry to detect criminal activity associated with the data breach,
  • Analyzing trends from ReportCyber to determine whether there are links between individuals who have been exploited, and
  • Identifying and disrupting cybercriminals.

Cybercriminals are already using the personal information leaked online after Optus, Australia’s second-largest mobile operator, was hacked earlier this month.

“Scammers are now sending phishing emails and text messages to victims requesting money to be sent to prevent their credentials being used fraudulently,” said Detective Chief Inspector Darren Fielke. “Do not respond to any of these requests for money or requests for the purchase of gift cards.”

Optus disclosed the security breach on September 22, saying that an unknown attacker might have gained access to some of its customers’ sensitive personal information.

This info includes customer names, dates of birth, phone numbers, email addresses, physical addresses, driver’s licenses, and passport numbers, but no financial information or account passwords.

The next day, a threat actor named ‘optusdata’ published a sample of the stolen data (containing the records of 10,200 Optus customers) on the Breached hacking forum and demanded a USD $1,000,000 ransom so the data for 11,000,000 customers would not be leaked online.

Today’s announcement comes after the hacker who claimed to have breached Optus and stolen the data of 11 million customers withdrew their extortion demands after landing in law enforcement crosshairs.

The threat actor has also apologized to the thousands of people whose personal data they leaked on a hacking forum.

“Too many eyes. We will not sale data to anyone. We can’t if we even want to: personally deleted data from drive (only copy),” the threat actor said. “Sorry too 10.200 Australian whos data was leaked.”

Alleged hacker’s statement (BleepingComputer)

The attacker’s decision was likely forced by the AFP announcing the launch of Operation Hurricane to identify the threat actors behind the Optus breach and the extortion demand.

“We are aware of reports of stolen data being sold on the dark web and that is why the AFP is monitoring the dark web using a range of specialist capabilities,” the AFP said.

“Criminals, who use pseudonyms and anonymising technology, can’t see us but I can tell you that we can see them.”

Since the breach, Optus has continuously shared up-to-date information on the investigation with its customers via a dedicated portal.

On the same page, affected individuals can also find info on Equifax Protect eligibility and on how to update their driver’s license and Medicare card number information to thwart fraud attempts.

Source: www.bleepingcomputer.com