Man arrested for alleged data breach SMS scam

Editor’s note: Arrest vision and a recording of the press conference with Assistant Commissioner Justine Gough are available via Hightail.

A Sydney man, 19, has been charged for allegedly attempting to misuse stolen Optus customer data in a text message blackmail scam. 

The Rockdale man is scheduled to appear in a Sydney Court on 27 October (2022) to face two offences that carry a maximum penalty of 10 and 7 years’ imprisonment.

The investigation was sparked when AFP-led Operation Guardian became aware of a number of text messages demanding some Optus customers transfer $2000 to a bank account or face their personal information being used for financial crimes. The data used by the alleged offender to identify these customers was from the 10,200 stolen records posted online after last month’s Optus breach.

The AFP identified a bank account, which was in the name of a juvenile, and will allege it was being used by the man.

A search warrant was executed at a Rockdale home earlier today (Thursday 6 October) where a mobile phone allegedly linked to the text messages was seized.

It will be alleged in court that text messages were sent to 93 Optus customers who had their data exposed on an internet forum. At this stage it appears none of the individuals who received the text message transferred money to the account.

The Rockdale man was charged with two offences:

a. Using a telecommunication network with the intent to commit a serious offence, contrary to section 474.14 (2) of the Criminal Code Act 1995 (Cth), where the serious offence is blackmail, contrary to section 249K of the Crimes Act 1900 (NSW). This offence is punishable, upon conviction, by a penalty not exceeding that of the serious offence, being a maximum penalty of imprisonment for 10 years; and

b. Dealing with identification information, contrary to section 192K of the Crime Act 1900 (NSW). This offence is punishable by a maximum penalty of imprisonment for 7 years.

Assistant Commissioner Cyber Command Justine Gough said the man was not suspected of being the individual responsible for the Optus breach but allegedly tried to financially benefit from the stolen data that was dumped on an online forum.

“Last week, the AFP and our state and territory partners launched Operation Guardian to protect the most vulnerable customers affected by the Optus breach and we were absolutely clear that there would be no tolerance for the criminal use of this stolen data,’’ Assistant Commissioner Gough said.

“I want to be very clear – and there are two messages today that I want to underscore.

“The AFP-led JPC3 has diverted significant resources to protect those customers at risk from identify fraud. We understand how worried some members of the community are, and I want to give the community reassurance that the AFP and our partners are working around the clock to help protect your personal information.

“Secondly, the warning is clear. Do not test the capability or dedication of law enforcement. The AFP, our state partners and industry are relentlessly scouring forums and other online sites for criminal activity linked to this breach. Just because there has been one arrest does not mean there won’t be more.”

Assistant Commissioner Gough said Operation Hurricane, the AFP investigation into the alleged offender responsible for the breach, was continuing.

“The Hurricane investigation is a high priority for the AFP and we are aggressively pursuing all lines of enquiry to identify those behind this attack.”

Operation Guardian is:

  • Identifying the 10,200 individuals across Australia now at risk of identity fraud and working with industry to enable further protection for those members of the public,
  • Monitoring online forums, the internet and the dark web for other criminals trying to exploit the personal information released online,
  • Engaging with the financial service industry to detect criminal activity associated with the data breach, and
  • Analysing trends from ReportCyber to determine whether there are links between individuals who have been exploited.

The public are encouraged to:

  • Look out for any suspicious or unexpected activity across your online accounts, including your telco, bank and utilities accounts. Make sure to report any suspicious activity in your bank account immediately to your financial institution;
  • Do not click on any links in any email or SMS claiming to be from Optus;
  • If someone calls claiming to be from Optus, the police, bank or another organisation and offers to help you with the data breach, consider hanging up and contacting the organisation on its official contact details. This can be a scammer calling using your personal information;
  • Never click on any links that look suspicious and never provide your passwords, your bank’s one time pins, or any personal or financial information;
  • If people call posing as a credible organisation and request access to your computer, always say no.

Media enquiries:

AFP Media: (02) 5126 9297

Connect with us: Follow our Facebook, Twitter, LinkedIn, Instagram and YouTube pages to learn more about what the AFP does to keep Australia safe.

If it doesn't add up, speak up. Call the National Security Hotline - 1800 123 400.

Read the AFP Annual Report 2020-21

Australian Centre to Counter Child Exploitation - visit website

Policing and community news from the AFP