The Australian Federal Police (AFP) has arrested a 19-year-old Sydney teenager for allegedly trying to use data leaked following the Optus data breach late last month to extort victims.
The suspect reportedly ran a text message blackmail scam, demanding that recipients transfer $2,000 to a bank account or risk misusing their personal information for fraudulent activities.
The source of the data, the agency said, was a sample database of 10,200 records that was briefly posted on a cybercrime forum accessible on Clearnet by an actor called “optusdata” before it was removed.
The details of the scam were separated before by 9News Australia reporter Chris O’Keefe on September 27, 2022.
The AFP further said it executed a search warrant at the offender’s home, leading to the seizure of a mobile phone used to send text messages to around 93 Optus customers. “At this stage, it appears that none of the individuals who received the message have transferred money to the account”, it is emphasized.
The unidentified individual has been charged with using a telecommunications network with the intent to commit a felony and handling identifying information. Both of these charges carry a maximum sentence of 10 and 7 years in prison.
The arrest comes after Optus, earlier this week, confirmed the breach affected nearly 2.1 million of its current and former customers, exposing their license numbers and Medicare ID numbers.
The development also follows the law enforcement agency’s launch of Operation Guardian to identify the 10,200 affected individuals and monitor internet forums for threat actors trying to exploit the leaked information for financial gain.
Also created after the breach is Operation Hurricane, which aims to unmask the threat actor responsible for the breach. To that end, the AFP said it is aggressively pursuing all lines of inquiry.
