Operation Guardian expanded to protect stolen information

Operation Guardian will be actively monitoring the clear, dark, and deep web

The AFP is aware that distressing and very personal information has been released on the dark web and has immediately taken measures, including covert techniques, to identify further criminal activity.

Investigators within the AFP’s Cyber Command are working with public and private sector agencies to scour the internet and known criminal online sites to identify those who are buying or selling personal identification information.

It is an offence to buy stolen information online, which could include a penalty of up to 10 years’ imprisonment. It is also an offence to blackmail or menace customers.

The AFP-led Operation Pallidus, which is focussed on the criminal data breach, is also working with Commonwealth agencies and Five Eyes Law Enforcement partners, including the FBI.

The AFP has significant powers within its remit, including legislation that precludes the AFP from revealing when these powers are in use.

Those powers are a chilling reminder to hackers, and those who will attempt to piggyback off those criminals, that the AFP will relentlessly pursue them.

Operation Guardian, a joint initiative with state and territory police set up last month to protect more than 10,000 customers whose identification credentials were unlawfully released online under the Optus data breach, will now extend to Medibank Private customers.

A Sydney man yesterday (8 November 2022) pleaded guilty to trying to blackmail Optus customers after he was charged by the AFP.

AFP Assistant Commissioner Cyber Command Justine Gough said the criminal or criminal groups behind this attack may be offshore but that would not deter the AFP.

“We have significant powers, determination, and access to international law enforcement networks to help investigate this breach.

“This is not just an attack on an Australian business. Law enforcement agencies across the globe know this a crime type that is borderless and requires evidence and capabilities to be shared.

“It is an offence to buy stolen data, which could be used for financial crimes.

“Importantly, the AFP is aware that the unlawful release of private health information can be distressing and embarrassing for some of those affected by the Medibank data breach.

“To the customers impacted by this latest breach, please do not be embarrassed to contact police through ReportCyber if a person contacts you online, by phone or by SMS threatening to release your data unless payment is made.

“Blackmail is an offence and those who misuse stolen personal information for financial gain face a penalty of up to 10 years’ imprisonment.

“Operation Guardian will be actively monitoring the clear, dark, and deep web for the sale and distribution of Medibank Private and Optus data.

“Law enforcement will take swift action against anyone attempting to benefit, exploit or commit criminal offences using stolen Medibank Private data.” Assistant Commissioner Gough said just downloading or assessing stolen Medibank Private data may constitute a criminal offence.

“As a force multiplier, we use the powers and authorities of all of our agencies to disrupt the sale and distribution of the unlawfully-obtained data,’’ Assistant Commissioner Gough said.

The public are encouraged to:

  • Look out for any suspicious or unexpected activity across your online accounts, including your telco, bank, and utilities accounts. Make sure to report any suspicious activity in your bank account immediately to your financial institution.
  • Do not click on any links in any email or SMS claiming to be from Optus or Medibank Private.
  • If someone calls claiming to be from Optus, Medibank Private, police, bank or another organisation and offers to help you with the data breach, consider hanging up and contacting the organisation on its official contact details. This can be a scammer calling using your personal information.
  • Never click on any links that look suspicious and never provide your passwords, your bank’s one-time pins, or any personal or financial information, and.
  • If people call posing as a credible organisation and request access to your computer, always say no.

Medibank is aware that the criminal has released an additional file on a dark web forum containing customer data that is believed to have been stolen from Medibank’s systems.

Medibank CEO David Koczkar said: “The release of this stolen data on the dark web is disgraceful.”

“We take the responsibility to secure our customer data seriously and we again unreservedly apologise to our customers.

“The weaponization of people’s private information to extort payment is malicious, and it is an attack on the most vulnerable members of our community.

“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care,” he said.

Given the sensitive nature of the stolen customer data being released on the dark web Medibank has asked the media and others to support our ongoing efforts to minimise harm to customers, not to unnecessarily download sensitive personal data from the dark web and to refrain from contacting customers directly.

Medibank will continue supporting all people impacted by this crime through our Cyber Response Support Program. This includes mental health and well-being support, identity protection and financial hardship measures.

Supporting its customers

A dedicated Cyber Response Support Program for Medibank customers has now been set-up and it includes:

  • A cybercrime health & wellbeing line(1800 644 325) – counsellors that have experience supporting vulnerable people (such as those at risk of domestic violence) and have been trained to support victims of crime and issues related to sensitive health information
    Mental health outreach service – proactive support service for customers identified as being vulnerable, or through referral from our contact centre team
    • Better Minds App – new tailored preventative health advice and resources specific to cybercrime and its impact on mental health and wellbeing, including tools for managing anxiety and fear, with additional phone based psychological support available
    • Personal duress alarms – for customers particularly vulnerable and/or with safety risks
    • Hardship support for customers who are in a uniquely vulnerable position as a result of this crime which can be accessed via our contact centre team (13 23 31 for Medibank and international customers, 13 42 46 for ahm customers and 1800 081 245 for My Home Hospital patients)
    • Specialist identity protection advice and resources through IDCARE’s purpose-built Medibank page
    • Free identity monitoring services for customers whose identity has been compromised as a result of this crime
    • Reimbursement of ID replacement fees for customers who need to replace any identity documents that have been compromised as a result of this crime
    • Specialised teams to help our customers who receive scam communications or threats


Leave a Comment

Related posts