A man in Sydney has been arrested by the police under suspicion of blackmail in connection to a significant data breach investigation. The breach has resulted in the exposure of personal details belonging to potentially up to one million residents of New South Wales and the Australian Capital Territory (ACT), which were shared online.
The New South Wales police, in collaboration with state, federal, and international agencies, have been diligently working to investigate this major breach. It is believed to be either a case of blackmail or corporate sabotage, following the publication of data earlier this week.
The breach involves Outabox, an IT provider utilised by numerous hospitality venues, including the prominent hospitality giant, Merivale. Personal information, such as names and addresses, was accessed during this incident.
Authorities are currently probing the possibility that the alleged perpetrator may have established a website related to the breach. This site purported to allow users to search names in the leaked database, returning redacted information about its contents and claiming to contain 1,050,169 records.
Officers from the NSW Police State Crime Command’s Cybercrime Squad have been actively investigating the matter under the operation titled Strike Force Division.
On Thursday evening, authorities made a significant breakthrough when they announced the arrest of a man. This arrest came subsequent to the execution of a search warrant in Fairfield West around 4:20 pm.
“At the address, police arrested a 46-year-old man. He will be taken to Fairfield police station where he is expected to be charged with blackmail.”
The commander of the cybercrime squad, Det Acting Supt Gillian Lister, said “now is the optimal time to make sure your cyber hygiene is good; you have strong passwords and are using two-factor authentication where possible”
Earlier on Thursday, Detective Chief Superintendent Grant Taylor emphasised the primary objectives of the investigation, which included restricting access to the compromised data, gauging the magnitude of the breach, and discerning the underlying motives.
“We’re pursuing both avenues of inquiry, investigating whether it’s a case of targeted blackmail against a specific company or if it’s an orchestrated act of sabotage aimed at tarnishing the company’s reputation,” Taylor elucidated.
He further divulged that preliminary finding suggested a breach within a third-party provider affiliated with Outabox, shedding light on the intricate web of connections implicated in this breach.
Police say they had worked with other federal and state agencies to “contain the breach. They also indicated they had made attempts to disable and ultimately seek the shutdown of a website that housed the leaked personal information.
