Sydney Man Sentenced for Blackmailing Optus Customers After Data Breach

Feb 08, 2023Ravie LakshmananCyber Crime / SMS Fraud

A Sydney man has been sentenced^[1]
to an 18-month Community Correction Order (CCO^[2]) and 100 hours of
community service for attempting to take advantage of the Optus
data breach last year to blackmail its customers.

The unnamed individual, 19 when arrested in October 2022^[3] and now 20, used the
leaked records stolen from the security lapse to orchestrate an
SMS-based extortion scheme.

The suspect contacted dozens of victims to threaten that their
personal information would be sold to other hackers and “used for
fraudulent activity” unless an AU$ 2,000 payment is made to a bank
account under their control.

The scammer is said to have sent the SMS messages to 92
individuals whose information was part of a larger cache of 10,200 records^[4] that was briefly
published in a criminal forum in September 2022,

The Australian Federal Police (AFP), which launched Operation
Guardian following the breach, said there is no evidence that any
of the affected customers transferred the demanded amount.

Following his arrest, the offender pleaded guilty in November
2022 to two counts of using a telecommunications network with
intent to commit a serious offense.

“The criminal use of stolen data is a serious offense and has
the potential to cause significant harm to the community,” AFP
Commander Chris Goldsmid said.

The Australian telecom service provider suffered a massive hack
last year, with passport information and Medicare numbers
pertaining to nearly 2.1 million^[5]
of its current and former customers exposed.