Operation Guardian is already working with public and private sectors
The AFP has expanded Operation Guardian to help protect Latitude Services customers whose personal information has been stolen by cybercriminals.
Operation Guardian, a joint initiative with state and territory police run through the AFP-led Joint Policing Cybercrime Coordination Centre (JPC3), was set up in September 2022 to protect more than 10,000 customers whose personal information was unlawfully released online after the Optus data breach. It was also extended to Medibank Private customers.
There is no evidence to date that the personal details of Latitude Services customers are available or being sold on online or dark web forums.
However, Operation Guardian is already working with public and private sector agencies to scour the internet and known criminal online sites to identify those who are attempting to buy or are selling personally identifiable information (PII). Investigators will extend that protection to Latitude customers.
It is an offence to buy stolen personal information online, which could include a penalty of up to 10 years’ imprisonment. It is also an offence to blackmail or menace customers.
The AFP will take immediate action – through disruption capability or charges – if individuals or groups are selling stolen personal information online.
A Sydney man was convicted in Sydney Downing Centre District Court on 7 February 2023, for trying to blackmail Optus customers. He was charged by the AFP last year under Operation Guardian.
The public are encouraged to:
- Look out for any suspicious or unexpected activity across your online accounts, including your telco, bank, and utilities accounts. Make sure to report any suspicious activity in your bank account immediately to your financial institution
- Be wary of phishing, do not click on any links in any email or SMS
- If someone calls claiming to be from Optus, Medibank Private, Latitude Services, police, bank, or another organisation and offers to help you with the data breach, consider hanging up and contacting the organisation on its official contact details. This can be a scammer calling using your personal information.
- Never click on any links that look suspicious and never provide your passwords, your bank’s one-time pins, or any personal or financial information, and.
- If people call posing as a credible organisation and request access to your computer, always say no.