A Sydney man has been sentenced to an 18-month Community Correction Order (CCO) and 100 hours of community service for attempting to take advantage of the Optus data breach last year to blackmail its customers.
The unnamed individual, 19 when arrested in October 2022 and now 20, used the leaked records stolen from the security lapse to orchestrate an SMS-based extortion scheme.
The suspect contacted dozens of victims to threaten that their personal information would be sold to other hackers and “used for fraudulent activity” unless an AU$ 2,000 payment is made to a bank account under their control.
The scammer is said to have sent the SMS messages to 92 individuals whose information was part of a larger cache of 10,200 records that was briefly published in a criminal forum in September 2022,
The Australian Federal Police (AFP), which launched Operation Guardian following the breach, said there is no evidence that any of the affected customers transferred the demanded amount.
Following his arrest, the offender pleaded guilty in November 2022 to two counts of using a telecommunications network with intent to commit a serious offense.
“The criminal use of stolen data is a serious offense and has the potential to cause significant harm to the community,” AFP Commander Chris Goldsmid said.
The Australian telecom service provider suffered a massive hack last year, with passport information and Medicare numbers pertaining to nearly 2.1 million of its current and former customers exposed.