AFP investigating Medibank ‘dark web’ data leak
Australian Federal Police is expanding Operation Guardian to investigate the health fund’s data leak - a strikeforce initially set up in response to Optus’ scandal.
Australian Federal Police is expanding Operation Guardian, originally set up in response to the Optus breach, to now protect Medibank Private customers whose personal information has been unlawfully released online by ransomware criminals.
It comes as a Sydney man on Tuesday pleaded guilty to trying to blackmail Optus customers after he was charged by the AFP.
The AFP said in a statement it was “aware that distressing and very personal information has been released on the dark web” and had immediately taken measures, including “covert techniques”, to identify further criminal activity.
“Investigators within the AFP’s Cyber Command are working with public and private sector agencies to scour the internet and known criminal online sites to identify those who are buying or selling personal identification information,” the AFP statement said.
“It is an offence to buy stolen information online, which could include a penalty of up to 10 years’ imprisonment. It is also an offence to blackmail or menace customers.”
The AFP said that it had significant powers within its remit that served as a “chilling reminder to hackers” that the AFP would relentlessly pursue them.
Operation Guardian, a joint initiative with state and territory police set up in September to protect more than 10,000 customers whose identification credentials were unlawfully released online under the Optus data breach, will now extend to Medibank Private customers.
AFP Assistant Commissioner Cyber Command Justine Gough said the criminal or criminal groups behind this attack may be offshore but that would not deter the AFP.
“This is not just an attack on an Australian business. Law enforcement agencies across the globe know this a crime type that is borderless and requires evidence and capabilities to be shared,” he said.
“To the customers impacted by this latest breach, please do not be embarrassed to contact police through ReportCyber if a person contacts you online, by phone or by SMS threatening to release your data unless payment is made.
“Blackmail is an offence and those who misuse stolen personal information for financial gain face a penalty of up to 10 years’ imprisonment.”
Operation Guardian will be actively monitoring the open and the dark web for the sale and distribution of Medibank Private and Optus data.
“Law enforcement will take swift action against anyone attempting to benefit, exploit or commit criminal offences using stolen Medibank Private data,” Assistant Commissioner Gough said.
He said the public were being encouraged to look out for any suspicious or unexpected activity across online accounts, including telco, bank and utilities accounts.
They have also been urged to not click on links in emails or SMS claiming to be from Optus or Medibank Private and be wary of anyone who calls claiming to be from Optus, Medibank Private, police, bank or another organisation offering to help with the data breach.
More Coverage
Activist posted vile threats to Jews
The social media account of an activist who shared personal details of hundreds of Jewish creatives vowed the entire community would be ‘targeted one by one’.
Qantas flight emergency emergency: ‘Takeoff felt wrong’
Passengers onboard Qantas flight QF520 have described a ‘loud bang’ upon takeoff and the aircraft ‘bouncing up and down’ before it landed at Sydney after a suspected engine failure | SEE THE ENGINE DAMAGE