“Optus has responded to my request that I made both in the parliament and that Senator Wong made in writing to Optus, they will cover the cost of replacing affected customers’ passports,” he said.
“I think that is entirely appropriate.”
‘Operation Guardian’ to identify and protect cyber attack victims
Assistant commissioner Justine Gough said the operation will primarily focus on the 10,000 customers whose data was leaked before tackling the other 9.8 million customers possibly impacted.
The operation will do the following:
- Identify and protect the 10,000 individuals who had their personal data and identification information released online
- Monitoring online forums on the internet and dark web to check for anyone exploiting the information
- Working with the financial sector to detect criminal activity associated with the data breach
- Looking at trends from ReportCyber to determine links between exploited Optus customers and subsequent criminal activity
- Identifying and disrupting cyber criminals
Gough said Optus is fully cooperating with the operation.
“The AFP and law enforcement across Australia are taking this crime very seriously,” she said.
‘Long’ investigation to identify hacker and exact number of impacted customers
Gough said it will be a “long and complex” investigation to identify the hackers responsible for the cyber attack on Optus and for releasing the personal data of thousands of people.
However, new details emerged during the press conference about how the hacker has hidden their identity.
“We are aware that the offender has used obfuscation techniques to hide their identity,” she said.
Not only will it be a long investigation to identify the hackers, Gough anticipates it will take some time to figure out the exact number of Optus customers with exposed driver’s licences or passports.
She could not answer how many customers’ driver’s licences, passport numbers and Medicare numbers were compromised in the hack.
“We are still going through a large dataset,” she said.
‘Do not click on any links’
Gough has reinforced that Australians should make sure not to click any suspicious links in text messages and be careful when answering calls purporting to be Optus.
“Australians should look out for suspicious and unexpected activity across online accounts, including telco, bank and utility accounts, and make sure that they report suspicious activity to their bank accounts immediately,” she said.
“Do not click on any links in any emails or SMS claiming to be from Optus.
“If someone calls claiming to be from Optus, police, bank or another organisation, and offers to help with the data breach, consider hanging up and contacting the organisation on its official contact details.”
Scam text from ‘mum’ leads to account at Aussie bank