AFP logo at EBB Canberra

AFP working with overseas law enforcement on Optus breach

26 September 2022, 4:10pm
Media Release

AFP working with overseas law enforcement on Optus breach

Editor’s note: Audio grabs from Assistant Commissioner Gough are available via Hightail

The AFP is gathering crucial evidence from the breach of Optus data and is working closely with overseas law enforcement to identify the offenders behind this attack.

Operation Hurricane has been launched to identify the criminals behind the alleged breach and to help shield Australians from identity fraud.

The AFP is aware of reports of the sale of stolen data and investigations are continuing.

To protect the integrity of the criminal investigation, the AFP will not divulge what information it has obtained in the first few days of Operation Hurricane.

However, the public can be assured that since a report from Optus on 23 September, 2022, the AFP has diverted significant resources to the investigation.

The newly established AFP-led JPC3, which is a joint partnership between law enforcement, the private sector and industry to combat the growing threat of cybercrime, is providing further capability in the investigation.

The AFP is also working closely with Optus, the Australian Signals Directorate and overseas law enforcement.

Assistant Commissioner Cyber Command Justine Gough said while the investigation was going to be extremely complex and very lengthy it was important to note that the AFP specialised in investigations of this type.

“This is an ongoing investigation but it is important the community knows the AFP and our partners are doing everything within scope to identify the offenders responsible, and to also ensure we can protect individuals who are now potentially vulnerable to identity theft,” Assistant Commissioner Gough said.

“We know this may be a stressful time for many members of the community so I want to be clear and honest with the public.

“We are aware of reports of stolen data being sold on the dark web and that is why the AFP is monitoring the dark web using a range of specialist capabilities. Criminals, who use pseudonyms and anonymising technology, can’t see us but I can tell you that we can see them.

“A key focus, which we have had success in the past, is to identify those criminals.

“It is an offence to sell or buy stolen identification credentials, with penalties of up to 10 years’ imprisonment.

“Our presence and focus extends outside Australian borders, and AFP specialised cyber investigators are permanently based in the United Kingdom, United States, Europe and Africa.

“We will use all our technical capabilities and tools to protect the public from cybercrime but we also need the public to be extra vigilant.

“Cybercrime is the break-and-enter of the 21st Century and this breach is not the first and is unlikely to be the last.

“With that in mind, we ask all Australians to think about their online security and take practical measures to better protect themselves from scams and phishing attempts.”

Members of the public, especially current and former Optus customers, should be extra vigilant in monitoring unsolicited text messages, emails and phone calls.

“However, this message is extended to all Australians,” Assistant Commissioner Gough said.

“The AFP will be working hard to explain to the community and businesses how to harden their online security because ultimately it is our job to help protect Australians and our way of life.”

For practical cyber safety tips, visit:

Those who believe they have fallen victim to cybercrime should immediately contact ReportCyber on:

If you are concerned that your identity has been compromised, contact the national identity and cyber support service IDCARE:

Media enquiries:

AFP Media: (02) 5126 9297

Connect with us: Follow our Facebook, Twitter, LinkedIn, Instagram and YouTube pages to learn more about what the AFP does to keep Australia safe.