Operation Hurricane has been established by the AFP to identify the people behind the breach, as well as prevent identity fraud of those affected.

The agency said in a statement it was aware of reports of the sale of stolen data from the breach, which has affected up to 9.8 million Australians.

Assistant Commissioner of Cyber Command Justine Gough said the investigation into the source of the data breach would be complex.

“We are aware of reports of stolen data being sold on the dark web and that is why the AFP is monitoring the dark web using a range of specialist capabilities,” she said.

“Criminals, who use pseudonyms and anonymising technology, can’t see us but I can tell you that we can see them.”

The task force will work with the Australian Signals Directorate, overseas police as well as Optus.

Gough said customers should be more vigilant in monitoring unsolicited texts, emails and phone calls in the wake of the Optus breach.

“The AFP will be working hard to explain to the community and businesses how to harden their online security because ultimately it is our job to help protect Australians and our way of life,” she said.

Slater and Gordon Lawyers are investigating whether to launch a class action lawsuit against Optus on behalf of former and current customers.

Class actions senior associate Ben Zocco said the leaked information posed a risk to vulnerable people, including domestic violence survivors and victims of stalking.

Consequences may be less severe for other customers but the information could easily lead to identity theft, he added.

Home Affairs Minister Clare O’Neil launched a scathing attack on Optus in parliament.

O’Neil said responsibility laid squarely at the feet of the telco giant and that the government was looking at ways to mitigate the fallout.

“The breach is of a nature that we should not expect to see in a large telecommunications provider in this country,” O’Neil said on Monday.

“We expect Optus to continue to do everything they can to support their customers and former customers.”

The minister called on the telco to provide free credit monitoring to former and present customers who had their data stolen in the breach.

Optus has announced it will be providing the most affected current and former customers with a free 12-month credit monitoring subscription to Equifax Protect.

O’Neil said the government was looking to work with financial regulators and the banking sector to see what steps could be taken to protect affected customers.

“One significant question is whether the cyber security requirements we place on large telecommunications providers in this country are fit for purpose,” she said.

“In other jurisdictions, a data breach of this size will result in fines amounting to hundreds of millions of dollars.”

Prime Minister Anthony Albanese said the Optus data breach was a “huge wake-up call”.

As the government prepares to introduce new cybersecurity measures, Albanese said the new protections would mean banks and other institutions would be informed much faster when a breach happened so personal data could not be used.

Optus said it had sent emails or text messages to all customers who had identification documents compromised in the cyber attack.

Payment details and account passwords have not been compromised.

-AAP