19-Year-Old man arrested for misusing leaked record from Optus Breach

The Australian Federal Police (AFP) arrested a 19-year-old teen from Sydney for attempting to use data from the Optus data breach in SMS scams.

The Australian Federal Police (AFP) has arrested a 19-year-old teen from Sydney for allegedly attempting to use data leaked after the Optus data breach in a fraudulent scheme aimed at extorting victims via SMS scams.

Early this week, the company confirmed that the breach impacted nearly 2.1 million individuals.

“A Sydney man, 19, has been charged for allegedly attempting to misuse stolen Optus customer data in a text message blackmail scam.” reads the announcement published by the AFP. The Rockdale man is scheduled to appear in a Sydney Court on 27 October (2022) to face two offences that carry a maximum penalty of 10 and 7 years’ imprisonment.”

The arrest is the result of Operation Guardian led by AFP which became aware of a number of text messages demanding some Optus customers transfer $2000 to a bank account or face their personal information being used for financial crimes. The authorities determined that data used in this criminal activity were from the 10,200 records stolen from the telecommunications giant last month.

The database belonging to the company was leaked on a cybercrime forum.

The Australian police executed a search warrant at a Rockdale home on 6 October and discovered a mobile phone used to send the messages.

The man sent SMS messages to 93 Optus customers, the good news is that none of the recipients transferred money to the account under the control of the man.

Assistant Commissioner Gough said that the AFP investigation, called Operation Hurricane, to identify the responsible for the data breach was continuing.

“The Hurricane investigation is a high priority for the AFP and we are aggressively pursuing all lines of enquiry to identify those behind this attack.” said Gough.

The AFP shared the following data related to the Operation Guardian:

Identifying the 10,200 individuals across Australia now at risk of identity fraud and working with industry to enable further protection for those members of the public,
Monitoring online forums, the internet and the dark web for other criminals trying to exploit the personal information released online,
Engaging with the financial service industry to detect criminal activity associated with the data breach, and
Analysing trends from ReportCyber to determine whether there are links between individuals who have been exploited.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Optus)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.