Skip links

Australian Federal Police arrest man suspected of exploiting Optus cyberattack

Aussie police have cuffed a 19-year-old Sydney resident accused of trying to extort money from victims of the recent cyberattack and digital burglary at national telecommunications provider Optus.

The Australian Federal Police (AFP) said today it was alerted to the blackmail attempt when some Optus customers were told to transfer AU$2,000 ($1,300) to a bank account or have their personal data used for financial crimes.

The unnamed individual is alleged to have used 10,200 of the records on customers that were uploaded to the web following the attack in September, including names, dates of birth, phone numbers, email addresses, home addresses, driving licenses, and passports.

A bank account held in the name of a juvenile was claimed to be used by the man and when AFP raided his home in Rockwell, southern Sydney, they found a phone allegedly linked to the text messages. He is understood to have sent texts to 93 Optus customers whose personal information was leaked after the attack.

This week, Optus, which has hired Deloitte to undertake an external review of the cyberattack, confirmed [PDF] that of its 9.8 million customers, 1.2 million had a current and valid form of ID and personal information compromised, and 900,000 have had records relating to expired ID/personal information exposed.

So far it looks as if not one Optus customer targeted by the alleged Sydney blackmailer gave into his demands and paid up.

The defendant is due to appear in a Sydney court on October 27 charged with two offences:

The man was not suspected of being behind the Optus attack but tried to exploit the incident for financial gain, said Assistant Commissioner Cyber Command Justine Gough.

“Last week, the AFP and our state and territory partners launched Operation Guardian to protect the most vulnerable customers affected by the Optus breach and we were absolutely clear that there would be no tolerance for the criminal use of this stolen data.

“The AFP-led JPC3 has diverted significant resources to protect those customers at risk from identify fraud. We understand how worried some members of the community are, and I want to give the community reassurance that the AFP and our partners are working around the clock to help protect your personal information.

“Secondly, the warning is clear. Do not test the capability or dedication of law enforcement. The AFP, our state partners and industry are relentlessly scouring forums and other online sites for criminal activity linked to this breach. Just because there has been one arrest does not mean there won’t be more.”

Operation Hurricane, the AFP investigation to unearth the person or persons behind the Optus attack, continues. AFP has asked the FBI to help with its probe. ®