Optus data breach: Accused fraudster charged with using stolen data for an alleged SMS scam

A Sydney man has been charged over an alleged blackmail scam where he allegedly used details obtained from the Optus data breach, the Australian Federal Police announced. 

On Thursday police arrested a 19-year-old man at a Rockdale property with a mobile phone allegedly linked to the text messages seized.

He has been charged with using a telecommunication network with the intent to commit a serious offence and dealing with identification information, offences that carry a maximum penalty of 10 and 7 years imprisonment respectively.

Police will allege text messages were sent to 93 Optus customers who had their data exposed in the Optus hack. 

It is understood none of the individuals who received the text message transferred money to the account.

An AFP-led investigation was launched following the text messages demanding some Optus customers transfer $2000 to a specified bank account or see their personal details used for financial crimes. 

The data used by the alleged offender was taken from the 10,200 stolen records posted online during last month’s Optus breach.

The AFP identified the bank account in the name of a juvenile with police alleging it was actively being used by the man.

The 19-year-old man will appear at Sydney Central Local Court at a later date. 

Some 9.8million Optus customers’ names, passports, drivers’ licence numbers, addresses, email addresses, dates of birth and phone numbers were stolen by hackers in Australia’s biggest ever data breach last month.

Several victims reported receiving ‘highly targeted’ scam texts and emails in the wake of the hack. 

Cyber security consultancy Gridware previously told Daily Mail Australia that Optus’s stolen data would be sold on the dark web to criminals and used to create authentic-looking phishing scams.

Ahmed Khanji, Gridware’s CEO and professor of cybersecurity said criminals who buy the data were able to create convincing-looking SMS messages and emails because they already have so much personal information.

‘These messages will be advanced, targeted phishing attempts trying to get you click a link to pay a fee or a fraudulent invoice, or fill out more details,’ Prof. Khanji said.

‘They are far more believable than random messages saying “I’m from the ATO, you owe money.’

The messages could most obviously try to pressure existing Optus customers for money.

People unaware their details had been stolen could easily fall for the scams because any messages would quote their personal details back to them – including residential address and date of birth.

More to come.