Australians caught up in the Medibank breach are to receive multi-jurisdictional and multi-layered protection from identity crime and financial fraud through the Australian Federal Police’s Operation Guardian.
Assistant Commissioner Cyber Command at AFP, Justine Gough said the Operation, which was a joint initiative with State and Territory police, was setup in September in response to the Optus data breach and had now been expanded to protect Medibank Private customers.
“The AFP is aware that distressing and very personal information has been released on the dark web and has immediately taken measures, including covert techniques, to identify further criminal activity,” Assistant Commissioner Gough said.
“Investigators within the AFP’s Cyber Command are working with public and private sector agencies to scour the internet and known criminal online sites to identify those who are buying or selling personal identification information,” she said.
“To the customers impacted by this latest breach, please do not be embarrassed to contact police through ReportCyber if a person contacts you online, by phone or by SMS threatening to release your data unless payment is made.”
Assistant Commissioner Gough said Operation Guardian would actively monitor the “clear, dark and deep web” for the sale and distribution of Medibank Private and Optus data.
AFP Commissioner Reece Kershaw said the AFP was undertaking covert measures and working around the clock with its domestic agencies and international networks, including INTERPOL.
“This is important because we believe that those responsible for the breach are in Russia,” Commissioner Kershaw said.
“Our intelligence points to a group of loosely affiliated cyber criminals, who are likely responsible for past significant breaches in countries across the world,” he said.
“These cyber criminals are operating like a business with affiliates and associates, who are supporting the business.”
Commissioner Kershaw said talks were being held with Russian law enforcement about the individuals the AFP believed were responsible for the breach.
He pleaded with businesses to ensure their systems were secure, saying that cybercrime was the break and enter of the 21st Century and personal information was being used as currency.