The two jurisdictions will work together to investigate the credential-stuffing attack that put the personal data of millions at risk.