The Australian Federal Police (AFP) took a 19-year-old teen into its custody for allegedly attempting to leverage the data leaked following the Optus data breach late last month to extort victims.
Officials said that the accused was running a text message blackmail scam, asking victims to transfer $2,000 to a bank account or they will risk getting their personal information misused for fraudulent activities.
Credentials of almost 10 million customers were exposed in the Optus breach, including millions of passports, medicare numbers, and driver’s licenses.
This attack raised questions as to why multiple organizations need to collect and store so much personal data of customers.
Following the incident, the government of Australia is now considering developing a single digital identification service that businesses could use instead. However, the public is questioning this development.
“Within the audit’s remit is to consider how myGov can deliver seamless services that will frequently involve private enterprise service providers. This would prevent the need for citizens to provide sensitive data multiple times to multiple entities,” Shorten’s spokesperson said.
As per the police, they have collected a sample database of 10,200 records that was posted briefly on a cybercrime forum accessible on the clearnet by an actor named "optusdata," before taking it down.
The AFP further added that a search warrant at the home of the offender has been executed in which they have successfully seized a mobile phone used to send text messages to about 93 Optus customers.
"At this stage, it appears none of the individuals who received the text message transferred money to the account," the statement reads.
The offender has been charged with using a telecommunication network with the intent to commit a serious offense and dealing with identification information. In both cases, the offender has to spend 10 and 7 years, respectively in imprisonment.