The Australian Federal Police (AFP) and state and territory police have set up Operation Guardian to protect more than 10,000 customers whose identification credentials were unlawfully released online under the Optus data breach this week.

The AFP announced today that customers affected by the breach will receive multi-jurisdictional and multi-layered protection from identity crime and financial fraud.

The 10,000 individuals, who potentially had 100 points of identification released online, will be prioritised.

Hackers cyberattacked the Optus database last week, and captured the details of nearly 10 million customers: their names, birth dates, phone numbers, drivers’ licence numbers, passport numbers, their home addresses, and whether they were renting or living with their parents.

• Optus hack breaches trove of customer data (24 September)

On Tuesday, they released the details of 10,000 customers – including email addresses from the ACT Government, and the Federal Departments of Defence and Prime Minister & Cabinet – and threatened to release 10,000 more each day if Optus did not pay a $1.5 million ransom by today.

• Hackers release data of 10,000 Optus customers (27 September)

Yesterday, the purported attacker deleted the blackmailing post; apologised for attempting to sell the data; and claimed to have deleted their copy of the data.

The ACT Government has issued free driver licences to those hacked Optus customers deemed most at risk of identity theft or fraud. Optus will fund the cost of these licences. It will also cover the costs for replacement passports.

• Optus agrees to pay for new passports (30 September)
• ACT Government issuing free driver licences to hacked Optus customers (28 September)

Under the AFP-led Joint Policing Cybercrime Coordination Centre (JPC3), a partnership between law enforcement, the private sector, and industry to combat the growing threat of cybercrime, Operation Guardian will shield affected customers, by:

• Identifying the 10,000 individuals across Australia now at risk of identity fraud, and alerting industry to further protect those members of the public;
• Monitoring online forums, the internet, and the dark web for other criminals trying to exploit the personal information released online;
• Engaging with the financial service industry to detect criminal activity associated with the data breach;
• Analysing trends from ReportCyber to determine whether there are links between individuals who have been exploited; and
• Identifying and disrupting cyber criminals.

The JPC3 will use the collective legislative powers, experience, investigative, and intelligence capabilities of all Australian policing jurisdictions.

It will also complement other agencies, including the work by the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC).

As part of the broader AFP, ACT Policing will work with the AFP-led JPC3 on Operation Guardian to reduce the harm to the community from the Optus data breach. Access Canberra has established a dedicated team to take enquiries from people who are concerned about their ACT specific personal information such as their driver licence number or card number being compromised as part of this breach.

AFP Assistant Commissioner Justine Gough, Cyber Command, said that while a post on an online forum advertising the stolen data for sale had been removed, other criminals may have access to some, or all, of the data.

“Australian law enforcement agencies are working together and with industry partners to actively monitor any subsequent misuse of the data,’’ Assistant Commissioner Gough said.

“Australian law enforcement are aware of current criminal activity attempting to target and exploit impacted Optus customers that have been the subject of this data breach.

“Operation Guardian should send a clear warning to cybercriminals. The AFP, state, and territory police plus other agencies through the JPC3 have a laser-like focus, plus a significant number of resources and legislative powers, to identify cybercrime targets.”

The AFP has launched Operation Hurricane to identify the criminals behind the breach and shield Australians from identity fraud.

Assistant Commissioner Gough said Optus was co-operating fully with the AFP investigation, and the company’s early engagement and disclosure was helping the investigation.

The Australian Banking Association and Customer Owned Banking Association have advised that:

• Australian banks are working with the government and across the community to strengthen Australia’s cyber security resilience.
• Banks’ focus is on protecting customers, and have built strong cyber protection systems to keep their customers safe.
• During periods of heightened risk, banks increase their monitoring, and bolster existing safeguards.

Members of the public, especially Optus customers, should be extra cautious about unsolicited contact about the data breach.

There are reports that sophisticated scammers are contacting Optus customers via phone, email, and text to get further personal information from the victims of the breach.

The public are encouraged to:

• Look out for any suspicious or unexpected activity across your online accounts, including your telco, bank, and utilities accounts. Report any suspicious activity in your bank account immediately to your financial institution;
• Do not click on any links in any email or SMS claiming to be from Optus;
• If someone calls claiming to be from Optus, police, bank, or another organisation and offers to help you with the data breach, consider hanging up and contacting the organisation on its official contact details. This can be a scammer calling using your personal information.
• Never click on any links that look suspicious. Never provide your passwords, your bank’s one time pins, or any personal or financial information.
• If people call posing as a credible organisation and request access to your computer, always say no.

IDCARE, a cyber support charity, is helping people whose identities may have been misused as a result of the Optus breach.

David Lacey, IDCARE’s founding and managing director,  said anyone who believes their identity has been misused, can make an appointment with a Case Manager via the Get Help for Individuals online form.

He said that since the breach, IDCARE has responded to more than 10,000 requests for information from the public.

If you believe you are a victim of Cybercrime, report it to ReportCyber at cyber.gov.au.