The Australian Federal Police (AFP) has opened an inquiry into the large data breach at telecoms firm Optus, where hackers allegedly sold the personal information of up to 9.8 million Australians.
The AFP said on September 26 that it has launched Operation Hurricane to track down individuals responsible for the cyberattack and prevent identity fraud among those affected.
The agency stated in a statement that it was aware of the sale of the stolen material and that it had devoted substantial resources to the inquiry.
Assistant Commissioner of Cyber Command Justine Gough stated that although the probe would be extremely difficult and time-consuming, the AFD specialized in such investigations.
She stated, "We are aware of reports of stolen data being sold on the dark web, and that is why the AFP is monitoring the dark web using a range of specialist capabilities."
"Criminals, who use pseudonyms and anonymising technology, can’t see us, but I can tell you that we can see them."
During the inquiry, the AFP stated that it will collaborate closely with the Australian Signals Directorate, foreign policy, and Optus.
In addition, Gough advised Optus consumers to be wary of unsolicited messages, emails, and phone calls in the wake of the data leak.
"The AFP will be working hard to explain to the community and businesses how to harden their online security because ultimately it is our job to help protect Australians and our way of life," she added.
Slater and Gordon Lawyers is considering pursuing a class action lawsuit against Optus on behalf of its former and current customers in response to the data leak.
Ben Zocco, a senior associate for class actions, stated that vulnerable individuals, such as survivors of domestic violence and victims of stalking, could be at risk owing to the disclosure of information.
While some consumers may face less severe consequences, he added that the stolen information might easily lead to identity theft.
The Australian stated that early on September 27, hackers published the personal details of over 10,000 persons on a prominent online data breach forum and promised to reveal 10,000 records per day unless Optus paid a ransom of $1 million within seven days.
However, they later deleted the initial statement and stated that the information will not be sold.
"Too many eyes. We will not sale data to anyone. We cant [sic] if we even want to: personally deleted data from drive (Only copy), " the alleged hacker stated, according to The Australian.
"Sorry too [sic] 10,200 Australian whos data was leaked."
"Ransomware not payed [sic] but we dont [sic] care any more. Was mistake to scrape publish data in first place."
Name, email address, physical address, passport number, driver's license number, date of birth, and in some cases Medicare numbers were found among the disclosed personal information.