Sydney man sentenced over data breach SMS scam

07 February 2023, 4:13pm
Media Release

Editor’s note: Arrest footage and images available via Hightail

A Sydney man has been sentenced to an 18-month Community Correction Order and 100 hours of community service, with a conviction recorded, by the Sydney Downing Centre District Court today (7 February, 2023) for attempting to blackmail Optus customers whose stolen records he found online.

He had pleaded guilty in November, 2022, to two counts of using a telecommunications network with intent to commit a serious offence, after he tried to scam, by SMS, people whose details were exposed in the Optus data breach.

Investigators arrested the man, 20, on 6 October, 2022, after the AFP-led Operation Guardian linked him to text messages sent to dozens of Optus customers demanding they transfer $2000 to a bank account he nominated, or face their personal information being used for other financial crimes.

Details used by the offender to identify these customers came from the 10,200 stolen records posted online by hackers after the Optus data breach in September 2022.

The man sent text messages to at least 92 customers but the AFP has no evidence that any of those customers paid him.

On 8 November, 2022, the man pleaded guilty to two counts of using a telecommunications network with intent to commit a serious offence, contrary to section 474.14(2) of the Criminal Code Act 1995 (Cth), where the serious offence is blackmail, contrary to section 249K of the Crimes Act 1900 (NSW). 

AFP Commander Chris Goldsmid said the AFP acted quickly on the allegations to protect Australians from identity fraud and ensure the man would not financially benefit from the data breach.

“The criminal use of stolen data is a serious offence and has the potential to cause significant harm to the community,” Commander Goldsmid said.

“The AFP-led Joint Policing Cybercrime Centre (JPC3) continues to work around the clock to protect customers affected by recent data breaches who are at risk from identity fraud.”

Operation Guardian continues to work with state and territory partners to analyse and, where appropriate, coordinate an Australian law enforcement response that minimises and prevents the threat of the misuse of sensitive and personally identifiable information arising from the Optus and Medibank data breaches.

The AFP continues to remind the public to:

  • Look out for any suspicious or unexpected activity across your online accounts, including your telco, bank and utilities accounts. Make sure to report any suspicious activity in your bank account immediately to your financial institution
  • Do not click on any links in any email or SMS claiming to be from Optus or Medibank
  • If someone calls claiming to be from Optus, Medibank, the police, bank or another organisation and offers to help you with the data breach, consider hanging up and contacting the organisation on its official contact details. This can be a scammer calling using your personal information
  • Never click on any links that look suspicious and never provide your passwords, your bank’s one time pins, or any personal or financial information
  • If people call posing as a credible organisation and request access to your computer, always say no

If you believe you are a victim of cybercrime, report it to ReportCyber at

Media enquiries:
AFP Media: (02) 5126 9297
