Australian teen charged with using leaked Optus data to blackmail customers
Image: Australian Federal Police
Adam Janofsky October 6, 2022

Australian teen charged with using leaked Optus data to blackmail customers

Australian teen charged with using leaked Optus data to blackmail customers

Australian Federal Police (AFP) arrested a 19-year-old man in Sydney for allegedly extorting victims of the recent Optus hack.

The teen, who wasn’t identified by name, is accused of using some of the 10,200 stolen Optus records posted online to blackmail customers of the breached telecommunications firm. AFP said the man sent text messages to at least 93 victims demanding that they transfer $2,000 to a bank account or have their personal information used for financial crimes.

“At this stage it appears none of the individuals who received the text message transferred money to the account,” the AFP said, noting that they were able to identify the man because the bank account was under his name and a search warrant turned up a phone that was linked to the text messages.

Justine Gough, assistant commissioner for AFP’s Cyber Command, said the man was not suspected to be behind the Optus breach.

On Sept. 23, a hacker using the moniker “optusdata” posted a portion of the data on the Breached forum, demanding that Optus pay $1 million to keep the rest of the data secure. When Optus didn’t give into the demand — and instead started working with law enforcement to investigate the breach — the hacker posted information on thousands of Optus customers.

The breached data includes names, dates of birth, phone numbers, email and physical addresses, and driver’s license and passport numbers. Payment details and account passwords were unaffected, the company said.

The man is scheduled to appear in Sydney court on Oct. 27 to face two charges: using a telecommunication network with the intent to commit a serious offense and dealing with identification information in violation to the country’s Crime Act. He faces up to 10 years in prison.

In a press conference, Gough said AFP is examining hacking forums to monitor if other criminals are trying to exploit the leaked data.

“This is the first person who has been arrested… utilizing material from the Optus data breach, and we don’t expect it will be the last,” she said.

Adam is the founding editor-in-chief of The Record by Recorded Future. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.