Cybercrime , Fraud Management & Cybercrime , Geo-Specific

Australia Police Charge Teen With Extorting Optus Victims

19-Year-Old From Sydney Suburbs Allegedly Sent Extortion SMS to Data Breach Victims
Australia Police Charge Teen With Extorting Optus Victims
A 19-year-old resident of suburban Sydney, Australia, was arrested Thursday morning for allegedly running an SMS scam using stolen Optus data breach information. (Image: Australian Federal Police)

Australian Federal Police arrested a teenager who attempted to capitalize on the massive data breach at telecommunications provider Optus by threatening to blackmail victims whose data was published online.

See Also: OnDemand | A Master Class on Cybersecurity: Roger Grimes Teaches Data-Driven Defense

The man, 19, allegedly sent text messages to 93 of the 10,200 Optus customers whose data was posted online by the hacker who stole millions of customer records from the cellular network provider. Police are not revealing the teenager's identity but say he threatened to use victims' personal information for financial crimes unless he received a payment of AU$2,000 - approximately US$1,300.

The teenager is not a suspect in the Optus data breach investigation itself, which police say is ongoing and "aggressively pursuing all lines of enquiry." The hacker behind the breach late last month backed off from selling the entire set of stolen customer records. "Too many eyes," the hacker posted in a forum (see: Optus Attacker Halts AU$1.5 Million Extortion Attempt).

Police arrested the would-be extortionist Thursday morning in his home in the Sydney suburb of Rockdale and seized a mobile phone allegedly used to send the blackmail messages. None of the recipients appear to have paid out.

Police charged the teenager with using a telecommunication network with the intent to commit a serious offense and dealing with identification information, which respectively carry a maximum penalty of 10 and seven years.

Following the Optus breach, Australian law enforcement inaugurated Operation Guardian to monitor for illicit online activity involving individuals swept up by the breach.

A number of public service agencies, including the Australian Competition and Consumer Commission have alerted Optus customers to be on the lookout for scams. Multiple bad actors already have sent out Optus breach-themed phishing and SMS messages.

Police are "scouring forums and other online sites for criminal activity linked to this breach. Just because there has been one arrest does not mean there won't be more," Australian Federal Police Assistant Commissioner Justine Gough said in a statement.

Optus is conducting its own investigation into the data breach incident. In a Monday update, the company said further analysis shows that of the 9.8 million records exposed, only 2.1 million involved an identity document number.*

*Correction Oct. 10, 2022 21:02 UTC: Clarifies that Optus has found that, of the 9.8 million individuals affected by the breach, only 2.1 million must take action due to having an identity document number included in the affected data set.

About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.