A text exchange between Al Solutions and a Melbourne corporate intelligence and security company. Optus has called in the federal police to investigate the data breach after it was contacted by Fairfax Media. Optus, Telstra - which is holding an investor briefing in Sydney on Thursday - and Vodafone have stressed they are aware of the problem and have invested heavily in security procedures to counter it. The revelation underscores the risks facing Australian consumers and businesses as a vast amount of personal or private data is collected and often stored offshore by service providers, financial institutions and government agencies. It also raises fresh concerns about risks faced in using offshore call centres, where it may be more difficult to ensure data security.

One of text messages from Al Solutions. AI Solutions actively markets its services to prospective Australian clients via an Indian businessman who uses the name Imran Khan. It is unclear if this is a false name. But Fairfax Media has confirmed that AI Solutions has previously, and on numerous occasions, sold Australians' personal data to third parties. Cyber security experts warned BlueBorne had the potential to cause havoc. Credit:iStock It recently wrote to a Melbourne corporate intelligence and security company, boasting that it has a "long list" of Australian clients buying data from the offshore call centres.

"There are … 3 major telecom numbers details I can provide you. Telstra, Vodafone and Optus," the Indian company's representative wrote in a text message to a prospective client seen by Fairfax Media. The company charges $350 to provide a person's home address and charges $1000 for a "full extract". This includes a person's home address, date of birth, alternative phone numbers and "more than 1 years billing statements" and "calling data history". "And for VIP, politician, police, celebrity, charges are different," one message said. While the data being illegally sold will not contain the actual content of text messages or what has been said during phone calls, it does contain information about who a person has called, the location at which a call is made and other sensitive data and metadata. This information could be of use to companies engaged in corporate spying or intelligence gathering, private investigators, marketing firms and organised criminals seeking to engage in identity fraud, or to locate people. It is possible that foreign intelligence services could also use the data theft service.

The Indian firm requests payment via Western Union or Money Gram remittance services. In his LinkedIn profile, "Imran Khan" writes that he is capable of "Under-Cover Operations, Property Investigation, Mobile Investigation" and "Interception in mobile communications technology in certain telecom companies". When asked for comment, "Imran Khan" replied in a message: "I spoke my attorney [sic] he said for your interview it will cost you 10,000$ aud. if you want to know the process and clients list ' because I guess I'm not doing anything unofficial '. Before going ahead make sure you have proper evidence ' or be ready for my claim (allegations) I have family in Australia too'. As I will get three claim. For three states." He later reduced his price for an interview to $8000. An Optus spokesman said the matter had been referred to the Australian Federal Police and that "Optus is aware that a third party has attempted to infiltrate our call centres seeking access to customer data".

Vodafone said in a statement that it is "aware there are individuals who do attempt to illegally access data through various channels from companies and organisations which hold customer information". "We would urge anyone who may have information about potential privacy breaches to report it to us for investigation and referral to authorities," Vodafone said. Telstra said in a statement that it was "aware this type of sophisticated criminal activity does take place from time to time across most industries and we do everything we can to protect our customers' data". It urged customers who believed their data may have been breached to contact it so it could investigate and refer to police. The Australian Federal Police said it had spoken with Optus and Vodafone and had subsequently provided information to Indian authorities.

Al Solutions has been approached for comment. Know more? Contact us anonymously on JournoTips or SecureDrop