Following one of Australia’s largest data breaches, Australia Federal Police (AFP) said they arrested a young man on Thursday for allegedly attempting to use leaked Optus data to extort victims. Optus is a telecommunications company headquartered in Australia and is the second-largest wireless carrier in the country.
The suspect, a 19-year-old from Sydney, was accused of using the leaked Optus customer data in an SMS scam.
According to the AFP’s press release, the teen allegedly threatened to send victims’ information to other malicious actors unless they paid an AUD $2,000 ransom within 48 hours.
“The investigation was sparked when AFP-led Operation Guardian became aware of a number of text messages demanding some Optus customers transfer $2000 to a bank account or face their personal information being used for financial crimes,” the AFP explained in its press release on Thursday. “The data used by the alleged offender to identify these customers was from the 10,200 stolen records posted online after last month’s Optus breach.”
While none of the 93 individuals who allegedly received the extortion messages gave into the scammer’s demands, police identified their suspect by tracing him back to his bank account.
“A search warrant was executed at a Rockdale home earlier today (Thursday 6 October) where a mobile phone allegedly linked to the text messages was seized,” the AFP said.
“It will be alleged in court that text messages were sent to 93 Optus customers who had their data exposed on an internet forum,” the police added. “ At this stage it appears none of the individuals who received the text message transferred money to the account.”
The 19-year-old suspect is set to appear in court later this month on two offenses. He faces one charge with a maximum penalty of 10 years and another with a maximum penalty of seven years if found guilty.
The AFP has not yet identified the threat actors behind the Optus data breach. However, they are still “pursuing all lines of inquiry” to find the individuals behind the attack.