Daily London
The telecommunications regulator has fined Optus for failing to follow anti-scam regulations, leaving some customers thousands of dollars out of pocket.
The troubled telco, which is reeling from the fatal triple-zero outage, failed to close a systems weakness that enabled criminals to target the phone numbers of 44 people with Coles Mobile accounts, operated by Optus.
The scammers then used these phone numbers to infiltrate bank accounts and steal money, an Australian Communications and Media Authority (ACMA) investigation found.
At least four consumers’ bank accounts were targeted, resulting in a total of $39,000 stolen.
Optus will pay a penalty of $826,320 for the security failures that happened between September and October last year.
ACMA member Samantha Yorke said the fine was the maximum allowed, and reflected the serious level of the breach.
“While this was a one-off issue which was quickly remediated, it is inexcusable for any telco not to have robust customer ID verification systems in place, let alone Australia’s second largest provider,” she said.
“Scammers are always looking for any weaknesses in systems, and on this occasion Optus left a vulnerability which directly exposed people to harm.”
ACMA rules require telcos to verify the identity of people wanting to transfer their numbers to a new provider before a transfer is completed.
Businesses have paid more than $1.9 million for breaches of the standard in the past 12 months.
