A 19-year old man in Sydney has been arrested after allegedly trying to scam Optus customers out of $2,000 via SMS – but made the critical error of including his bank account number which police traced to him.

He now faces a maximum penalty of 10 and 7 years’ imprisonment.

The man from Rockdale in Sydney’s south was not named by the Australian Federal Police (AFP).

Last month, Australia’s second-largest telco was subject to a data breach with a hacker stealing the details of approximately 10 million past and present customers.

A smaller subset of 10,200 records was posted online by the hacker, including customer email address, driver licence and passport numbers, and Medicare card details.

Police say the arrested man is not responsible for the original hack on 22 September, but allegedly downloaded the subset of records which he used to blackmail 93 Optus customers.

At this stage, police do not believe any of the individuals transferred money to the bank account.

A search warrant at the man’s Rockdale home was executed today and police seized a mobile phone linked to the SMS scam.

The man has been charged by AFP with two offences:

a. Using a telecommunication network with the intent to commit a serious offence, contrary to section 474.14 (2) of the Criminal Code Act 1995 (Cth), where the serious offence is blackmail, contrary to section 249K of the Crimes Act 1900 (NSW). This offence is punishable, upon conviction, by a penalty not exceeding that of the serious offence, being a maximum penalty of imprisonment for 10 years; and

b. Dealing with identification information, contrary to section 192K of the Crime Act 1900 (NSW). This offence is punishable by a maximum penalty of imprisonment for 7 years.

The man will appear in Sydney Central Court at a later date.