Aussie Police Arrest Young Man for Allegedly Extorting Victim of Optus Data Breach

In the aftermath of one of Australia’s largest-ever data breaches, Australia Federal Police (AFT) say they have arrested a young man for allegedly attempting to use leaked Optus data to extort victims.

The suspect, a 19-year-old from Sydney is accused of using the previously leaked Optus customer data in a creative SMS scam.

According to a press release, the teen had supposedly threatened to distribute victims’ information to other digital miscreants unless they paid AUD $2,000 ransom within 48 hours.

“The investigation was sparked when AFP-led Operation Guardian became aware of a number of text messages demanding some Optus customers transfer $2000 to a bank account or face their personal information being used for financial crimes,” the AFT explained. “The data used by the alleged offender to identify these customers was from the 10,200 stolen records posted online after last month’s Optus breach.”

Although none of the 93 individuals who allegedly received the extortion message gave in to the scammer’s demands, police identified a suspect by tracking down the owner of the bank account.

“A search warrant was executed at a Rockdale home earlier today (Thursday 6 October) where a mobile phone allegedly linked to the text messages was seized,” the police added.

“It will be alleged in court that text messages were sent to 93 Optus customers who had their data exposed on an internet forum. At this stage it appears none of the individuals who received the text message transferred money to the account.”

The 19-year-old is to appear in court later this month on two offences. If found guilty, he faces one charge with a maximum penalty of 10 years in prison and another charge with a maximum of seven years.

The AFT has yet to identify the threat actors behind the Optus data breach. However, they are “pursuing all lines of enquiry” to catch the individuals behind the attack.

In the meantime, the alleged Optus hacker or hackers have let go of any ransom demands and apologized for leaking the personally identifiable information of 10,200 customers on the dark web.

The AFT has also issued an additional warning to other malicious individuals who would exploit victims’ stolen data.

“Do not test the capability or dedication of law enforcement,”Assistant Commissioner Gough said. “The AFP, our state partners and industry are relentlessly scouring forums and other online sites for criminal activity linked to this breach. Just because there has been one arrest does not mean there won’t be more.”

Are you a victim of a data breach?

Bitdefender offers a wide range of security and privacy solutions that protect your financial and digital wellbeing. For data breach victims and other privacy-conscious digital citizens, we provide dedicated privacy tools and services.

Bitdefender Digital Identity Protection keeps you on top of data breaches and leaks with 24/7 data breach monitoring and real-time alerts for privacy threats. This way, you can change your passwords and secure your accounts to prevent financial loss or social media impersonation.

Consumers in the US can fend off identity theft and fraud by subscribing to our dedicated Identity Theft Protection service that offers real-time fraud, data breach and credit monitoring, SSN tracker and support of our #1-rated experts including insurance of up to $2 million.