Operation Guardian expanded to protect stolen information of Australians

Editor's note: A video and audio recording of Assistant Commissioner Cyber Command Justine Gough's press conference on 9 November is available via Hightail.

The AFP has expanded Operation Guardian to protect Medibank Private customers whose personal information has been unlawfully released online by ransomware criminals.

The AFP is aware that distressing and very personal information has been released on the dark web and has immediately taken measures, including covert techniques, to identify further criminal activity.

Investigators within the AFP’s Cyber Command are working with public and private sector agencies to scour the internet and known criminal online sites to identify those who are buying or selling personal identification information.

It is an offence to buy stolen information online, which could include a penalty of up to 10 years’ imprisonment. It is also an offence to blackmail or menace customers.

The AFP-led Operation Pallidus, which is focussed on the criminal data breach, is also working with Commonwealth agencies and Five Eyes Law Enforcement partners, including the FBI.

The AFP has significant powers within its remit, including legislation that precludes the AFP from revealing when they are in use.

Those powers are a chilling reminder to hackers, and those who will attempt to piggyback off those criminals, that the AFP will relentlessly pursue them.

Operation Guardian, a joint initiative with state and territory police set up in September to protect more than 10,000 customers whose identification credentials were unlawfully released online under the Optus data breach, will now extend to Medibank Private customers.

A Sydney man yesterday (8 November, 2022) pleaded guilty to trying to blackmail Optus customers after he was charged by the AFP.

 AFP Assistant Commissioner Cyber Command Justine Gough said the criminal or criminal groups behind this attack may be offshore but that would not deter the AFP.

“We have significant powers, determination and access to international law enforcement networks to help investigate this breach.

“This is not just an attack on an Australian business. Law enforcement agencies across the globe know this a crime type that is borderless and requires evidence and capabilities to be shared.

“It is an offence to buy stolen data, which could be used for financial crimes.

“Just as importantly, the AFP is aware that the unlawful release of private health information can be distressing and embarrassing for some of those affected by the Medibank data breach.

“To the customers impacted by this latest breach, please do not be embarrassed to contact police through ReportCyber if a person contacts you online, by phone or by SMS threatening to release your data unless payment is made.

“Blackmail is an offence and those who misuse stolen personal information for financial gain face a penalty of up to 10 years’ imprisonment.

“Operation Guardian will be actively monitoring the clear, dark and deep web for the sale and distribution of Medibank Private and Optus data.

“Law enforcement will take swift action against anyone attempting to benefit, exploit or commit criminal offences using stolen Medibank Private data.

Assistant Commissioner Gough said just downloading or assessing stolen Medibank Private data may constitute a criminal offence.

“As a force multiplier, we use the powers and authorities of all of our agencies to disrupt the sale and distribution of the unlawfully-obtained data,’’ Assistant Commissioner Gough said.

The public are encouraged to:

  • Look out for any suspicious or unexpected activity across your online accounts, including your telco, bank and utilities accounts. Make sure to report any suspicious activity in your bank account immediately to your financial institution;
  • Do not click on any links in any email or SMS claiming to be from Optus or Medibank Private;
  • If someone calls claiming to be from Optus, Medibank Private, police, bank or another organisation and offers to help you with the data breach, consider hanging up and contacting the organisation on its official contact details. This can be a scammer calling using your personal information.
  • Never click on any links that look suspicious and never provide your passwords, your bank’s one time pins, or any personal or financial information, and.
  • If people call posing as a credible organisation and request access to your computer, always say no.

If you believe you are a victim of Cybercrime, report it to ReportCyber at cyber.gov.au.

If there is an imminent threat to your safety call Triple Zero.

Media enquiries:
AFP Media: (02) 5126 9297

Connect with us: Follow our Facebook, Twitter, LinkedIn, Instagram and YouTube pages to learn more about what the AFP does to keep Australia safe.

If it doesn't add up, speak up. Call the National Security Hotline - 1800 123 400.

Read the AFP Annual Report 2020-21

Australian Centre to Counter Child Exploitation - visit website

Policing and community news from the AFP