Data including credit card numbers, online banking credentials, and log-in names and passwords of thousands of individuals from Australia and the U.S. has already been collected in the scam, Roger Thompson, chief technology officer at security software maker Exploit Prevention Labs, said in an interview Wednesday.