Optus has been hit with a substantial $826,320 penalty after a serious security lapse allowed scammers to bypass customer verification processes and steal as much as $39,000 from individual victims.
The Australian Communications and Media Authority (ACMA) found the telecommunications company – operating through its Coles Mobile brand – breached anti-scam regulations 44 times across September and October 2024.
ACMA’s investigation uncovered that criminals exploited a vulnerability in Optus’ third-party verification software, enabling them to hijack at least four customers’ mobile services without authorisation. Once in control of the mobile numbers, the scammers were able to access banking details and drain accounts, with some victims reporting losses reaching $39,000.
Samantha Yorke, ACMA Authority Member, condemned the failure as “inexcusable”, stressing that all Australian telcos must have stringent identification systems in place to protect the public. She said the size of the penalty reflects the severity of the breaches and the direct harm suffered by affected customers.
Optus issued a statement apologising to those impacted, explaining that several mobile numbers were illegally ported due to a technical issue involving third-party provider Prvidr. According to the company, the flaw was identified and fixed within 24 hours, and verification controls have since been strengthened.
“We accept the action announced by ACMA today and reaffirm our commitment to strengthening customer protections,” an Optus spokeswoman said. The company added it is working closely with government agencies, banks and industry partners to combat identity theft and make fraudulent porting more difficult.
The penalty comes at a sensitive time for Optus, which continues to face public and regulatory fallout from its catastrophic triple-0 outage in September. During that event, hundreds of Australians were unable to contact emergency services; at least four people who attempted to call for help died as a result.
Compounding its troubles, the Federal Court imposed a massive $100 million fine on the telco in September for engaging in “predatory” behaviour by signing 400 vulnerable Australians to contracts they did not want, need, or understand.
Despite the controversies, Optus reported adding 169,000 customers over the past financial year and a 27 per cent rise in earnings before interest and tax, reaching $283 million. Chief executive Stephen Rue has pledged sweeping reforms, including an independent review led by business expert Kerry Schott, expected to conclude by the end of 2025.
Optus maintains that it has blocked nearly 600 million scam calls and over 250 million scam text messages since December 2020. The company is also building a dedicated enterprise-wide scam prevention unit under a newly appointed Director of Scam Prevention as part of its long-term effort to detect and disrupt fraudulent activity.
