World NewsAustralia News

Australian Federal Police Investigates Optus Cyberattack as Stolen Data Put on Sale

Save
Australian Federal Police Investigates Optus Cyberattack as Stolen Data Put on Sale
A general view of the Australian Federal Police emblem during a press conference in Melbourne, Australia, on Sept. 30, 2014. Scott Barbour/Getty Images
Alfred Bui
Updated:

The Australian Federal Police (AFP) have launched an investigation into the massive data breach at the telecommunications giant Optus as the hackers put the personal information of up to 9.8 million Australians on sale.

On Sept. 26, the AFP announced it had established Operation Hurricane to track down the culprits behind the cyberattack and prevent identity fraud of those affected.

The agency said in a statement that it was aware of the sale of the stolen information and had diverted significant resources into the investigation.

Assistant Commissioner of Cyber Command Justine Gough said that while the investigation would be a very complex and lengthy process, the AFD specialised in such type of investigation.

“We are aware of reports of stolen data being sold on the dark web, and that is why the AFP is monitoring the dark web using a range of specialist capabilities,” she said.

“Criminals, who use pseudonyms and anonymising technology, can’t see us, but I can tell you that we can see them.”

The AFP also mentioned that it would work closely with the Australian Signals Directorate, overseas police and Optus during the investigation.

At the same time, Gough said Optus customers should be on guard against unsolicited texts, emails and phone calls following the Optus data breach.

“The AFP will be working hard to explain to the community and businesses how to harden their online security because ultimately it is our job to help protect Australians and our way of life,” she said.

Recent Developments

Following the data breach, the law firm Slater and Gordon Lawyers is considering the possibility of filing a class action lawsuit against Optus on behalf of its former and current customers.

Class actions senior associate Ben Zocco said vulnerable people, including domestic violence survivors and victims of stalking, could be at risk due to the leaked information.

He added that while some customers might face less serious consequences, the stolen data could easily result in identity theft.

A 'Yes Optus' sign hangs outside of an Optus store in Melbourne, Australia, on April 30, 2014 . (Scott Barbour/Getty Images)
A 'Yes Optus' sign hangs outside of an Optus store in Melbourne, Australia, on April 30, 2014 . Scott Barbour/Getty Images
Early on Sept. 27, the hackers released the personal information of over 10,000 people on a popular online data breach forum and threatened to publicise 10,000 records every day as it demanded Optus pay a ransom of US$1 million within seven days, the Australian reported.

However, they later appeared to delete the original post and declared that the data would not be sold to anyone.

“Too many eyes. We will not sale data to anyone. We cant [sic] if we even want to: personally deleted data from drive (Only copy),” the supposed hacker wrote, as reported by The Australian.

“Sorry too [sic] 10,200 Australian whos data was leaked.

“Ransomware not payed [sic] but we dont [sic] care any more. Was mistake to scrape publish data in first place.”

The released personal information was found to contain data such as name, email address, physical address, passport number, driver’s licence number, date of birth, and in some cases, Medicare numbers.

Alfred Bui
Alfred Bui
Author
Alfred Bui is an Australian reporter based in Melbourne and focuses on local and business news. He is a former small business owner and has two master’s degrees in business and business law. Contact him at [email protected].
Related Topics