Optus data breach: federal police launch ‘Operation Guardian’ to protect identity of 10,000 victims

The Australian federal police have launched “Operation Guardian” to protect current and former Optus customers from identity crime and financial fraud.

The prime minister, Anthony Albanese, confirmed on Friday that Optus had agreed to pay for the replacement of passports exposed in the leak of 9.8 million customer records.

AFP assistant commissioner Justine Gough announced the new operation on Friday, saying the priority for federal police will be the 10,000 records – including passport, Medicare and driver’s licence information – that were posted on a data breach website earlier this week.

The post was later deleted and the writer dropped their ransom demands for Optus to pay $1m, but the 10,000 records were copied and reposted by other users on the website.

Gough said Operation Guardian will “supercharge” the protection of those 10,000 people and provide “multi-jurisdictional and multilayered protection from identity crime and financial fraud”.

Related: As a victim of identity theft, I know just how quickly it can happen – and how hard it is to fix | Martha Bedggood

Online forums will be monitored, and the AFP will work with the financial sector to detect activity associated with the breach, she said.

The 10,000 people in the breach will not be informed they’re in the breach by the AFP, Guardian Australia has confirmed.

Gough said Operation Hurricane – the operation to find out who obtained the data and attempted to sell it online – is still continuing, with international partners including the FBI and AFP cyber liaison officers across the world.

But she said the alleged offender had used “obfuscation techniques” to hide their identity online.

“This will be a long and investigation and it involves large data sources, multiple inquiries,” she said.

“This is a complex investigation that will take some time. There are complex datasets. It will involve co-operation with law enforcement from across the globe, potentially, given that we are talking about a type of crime that is borderless.”

Gough declined to confirm reports that the breach occurred when Optus left open an application programming interface (API) to its customer database without requiring authorisation. She said police were investigating the source of the leak and would not go into details at this time.

Related: Companies could be forced to delete customer data used to prove ID, Labor suggests

Albanese said on Friday that customers caught up in the breach who had their passport numbers exposed would have the cost of a replacement passport covered by Optus.

Albanese called for company to pay for the replacements in parliament earlier in the week, and the foreign minister, Penny Wong, wrote to Optus saying there was no justification for victims or taxpayers to foot the bill.

Optus had agreed to the government’s demand, Albanese said.

“[Optus] will cover the costs of replacing affected customers’ passports,” he said. “I think that’s entirely appropriate.”