A Sydney teenager has been charged over an alleged SMS scam using information obtained from the Optus data breach.
The Australian Federal Police will allege in court a 19-year-old Rockdale man used data from 10,200 Optus customers and began “working his way through the list” demanding $2000 payments.
AFP Assistant Commissioner Cyber Command Justine Gough a search warrant was executed on a home in the southen Sydney suburb earlier on Thursday and a mobile phone allegedly linked to the text messages was seized from the property.
The man has been charged with using a telecommunication network with the intent of blackmail as well as dealing with identification information.
Those crimes carry a maximum penalty of 10 and 7 years in prison respectively.
Assistant Commissioner Gough said the man was not suspected of being the individual responsible for the Optus breach but allegedly tried to financially benefit from the stolen data that was dumped on an online forum.
He allegedly texted 93 customers, demanding they pay $2000 into a bank account otherwise their details would be used for “other criminal purposes” according to Ms Gough.
None of the nearly 100 customers contacted paid the alleged scammer, but the AFP will allege he would have continued the operation if not apprehended by officers.
“Last week, the AFP and our state and territory partners launched Operation Guardian to protect the most vulnerable customers affected by the Optus breach and we were absolutely clear that there would be no tolerance for the criminal use of this stolen data,’’ Ms Gough said.
“We understand how worried some members of the community are, and I want to give the community reassurance that the AFP and our partners are working around the clock to help protect your personal information.“
Around 9.8 million Australians had their data accessed in the major cyber attack, including addresses, passport numbers and drivers licence information.
Optus confirmed that there were 1.2 million customers who had at least one form of current and valid identification accessed by the hackers, while 900,000 had expired ID stolen.
The federal government and AFP are still investigating the source of the cyber attack and are yet to arrest the hackers.
Concern that those Australians affected would fall victim to scams is very high, with the federal government urging people to be on high alert for any suspicious messages or calls.
The news of the arrest comes as Treasurer Jim Chalmers announced that a string of new regulations will be implemented following the data leak to aim to detect and mitigate the risks of scams.
Under the changes, telcos like Optus would be able to share personal information with banks and government agencies to allow for enhanced monitoring of fraudulent transactions and likely scams
“The proposed amendments come after extensive consultation with the financial regulators and other financial institutions on how we can best protect consumers following that Optus data breach,” Mr Chalmers said.
“They need to satisfy robust security requirements and protocols for data transfer and storage, and they need to ensure that the information that they get is destroyed when it’s no longer required.
“It’s important that we note here that for data security reasons, we won’t be disclosing the details of any financial institutions that receive the data from Optus, and this is based on strong advice from the regulators,” he said.
More to come
Originally published as Sydney man charged over alleged Optus hack-related scam