The AFP will work Optus as part of a criminal investigation into a mass data breach that compromised sensitive personal information belonging to millions of people.
Information from up to 9.8 million current and former Optus users, including names, birthdates, addresses, passport details and drivers licence numbers were stolen.
The AFP issued a statement on Friday saying its specialist Cyber Command will work with Optus “to obtain the crucial information and evidence needed to conduct this complex, criminal investigation”.
The command will work closely with a number of government agencies, including the Australian Signals Directorate.
Optus confirmed last Thursday that it was investigating possible unauthorised access to customer information and had notified the AFP, the Office of the Australian Information Commissioner and key regulators.
“We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,” Optus CEO Kelly Bayer Rosmarin said.
Ms Bayer Rosmarin later told reporters a sophisticated attack had occurred but it wasn’t known who the attackers were or what they intended to do with the information.
She confirmed that information which may have been exposed included customers’ names, dates of birth, phone numbers, email addresses, and, for “a subset of customers”, addresses, ID document numbers such as driver’s licence or passport numbers.
Payment detail and account passwords were not been compromised.
The government has foreshadowed it will announce new security measures in response to the attack, with home affairs minister Claire O’Neil tweeting on Saturday, “I will have much more to say in coming days about the Optus cyber attack and what steps need to be taken in the future”.
Leave a Reply