Statement by AFP Commissioner Reece Kershaw on Medibank’s personal data breach


Editor’s note: The vision of the press conference is available via hightail.

I will make a brief statement on the Personal Data Breach at Medibank, but I will not answer any questions as this is a very complex and serious ongoing investigation.

But I want to reach out to Australians today and give as much information as I can without jeopardizing the criminal investigation.

I know Australians are angry and desperate, seeking answers to the highly sensitive and deeply personal information being released by criminals who have breached Medibank Private’s database.

This is a crime that has the potential to affect millions of Australians and harm a vital Australian business.

This cyber attack is an unacceptable attack on Australia and deserves a response commensurate with the malicious and far reaching consequences this crime is causing.

AFP conducts covert operations and works around the clock with our domestic authorities and our international networks, including INTERPOL.

This is important because we believe Russia is responsible for the breach.

Our information points to a group of loosely affiliated cybercriminals who are likely responsible for past major security breaches in countries around the world.

These cyber criminals operate like a company with affiliates and employees supporting the company.

We also believe that some affiliated companies may be based in other countries.

Anyone involved in this attack is the focus of ongoing investigations as part of the AFP-led Operation Pallidus.

We think we know who is responsible for this, but I won’t name them.

What I want to say is that we will have discussions with Russian law enforcement about these individuals.

The AFP is responsible for the Australian INTERPOL National Central Bureau, which is in direct contact with the National Central Bureau Moscow.

INTERPOL National Central Bureaux work together in cross-border investigations, operations and arrests.

To conduct investigations beyond national borders, they can contact any other National Central Bureau.

It is important to note that Russia benefits from INTERPOL’s sharing of information and data, and with it, responsibility and accountability.

I have several messages today.

To the Australian public: AFP and our partners will not give up on bringing those responsible to justice.

Operation Guardian investigators also scour the internet and dark web to identify individuals accessing and attempting to profit from this personal information.

To the criminals, we know who you are and furthermore, AFP has some significant runs under its belt when it comes to bringing foreign criminals back to Australia to face the justice system.

To the media and social media: I know you are doing the right thing and will continue to help us protect the community by not helping these criminals by posting or publishing this sensitive information.

This is a time for all Australians – the community, business and law enforcement – to stand together and refuse to give these criminals the exposure they seek.

May I ask the companies: Make sure your systems are protected.

Cybercrime is the 21st century breakthrough and personal information is used as currency.

In closing, I would like to reiterate that Australian government policy does not condone paying ransoms to cyber criminals.

Any ransom payment, large or small, fuels the cybercrime business model and puts fellow Australians at risk.

Media Inquiries:

AFP Media: (02) 5126 9297

connect with us: Follow our Facebook, TwitterLinkedIn, Instagram and YouTube pages to learn more about what AFP is doing to protect Australia.


Comments are closed.