19-Year-Old man arrested for misusing leaked record from Optus Breach

The Australian Federal Police (AFP) arrested a 19-year-old teen from Sydney for attempting to use data from the Optus data breach in SMS scams.

The Australian Federal Police (AFP) has arrested a 19-year-old teen from Sydney for allegedly attempting to use data leaked after the Optus data breach in a fraudulent scheme aimed at extorting victims via SMS scams.

Early this week, the company confirmed that the breach impacted nearly 2.1 million individuals.

“A Sydney man, 19, has been charged for allegedly attempting to misuse stolen Optus customer data in a text message blackmail scam.” reads the announcement published by the AFP. The Rockdale man is scheduled to appear in a Sydney Court on 27 October (2022) to face two offences that carry a maximum penalty of 10 and 7 years’ imprisonment.”

The arrest is the result of Operation Guardian led by AFP which became aware of a number of text messages demanding some Optus customers transfer $2000 to a bank account or face their personal information being used for financial crimes. The authorities determined that data used in this criminal activity were from the 10,200 records stolen from the telecommunications giant last month.

The database belonging to the company was leaked on a cybercrime forum.

The Australian police executed a search warrant at a Rockdale home on 6 October and discovered a mobile phone used to send the messages.

The man sent SMS messages to 93 Optus customers, the good news is that none of the recipients transferred money to the account under the control of the man.

Assistant Commissioner Gough said that the AFP investigation, called Operation Hurricane, to identify the responsible for the data breach was continuing.

“The Hurricane investigation is a high priority for the AFP and we are aggressively pursuing all lines of enquiry to identify those behind this attack.” said Gough.

The AFP shared the following data related to the Operation Guardian:

• Identifying the 10,200 individuals across Australia now at risk of identity fraud and working with industry to enable further protection for those members of the public,
• Monitoring online forums, the internet and the dark web for other criminals trying to exploit the personal information released online,
• Engaging with the financial service industry to detect criminal activity associated with the data breach, and
• Analysing trends from ReportCyber to determine whether there are links between individuals who have been exploited.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Optus)

[adrotate banner=”5″]

[adrotate banner=”13″]