https://www.itnews.com.au/news/optus-takes-826000-hit-for-anti-scam-breaches-621882

In a significant blow to Australia’s second-largest telecommunications provider, Optus has been slapped with an $826,000 fine by the Australian Communications and Media Authority (ACMA) for a vulnerability in its third-party identity verification system that was exploited by scammers.

The incident, which targeted customers of Optus’ mobile virtual network operator (MVNO) Coles Mobile, allowed scammers to bypass the required verification process for mobile number porting, enabling them to gain control of at least four consumers’ mobile services and access their bank accounts, resulting in reported losses of $39,000.

ACMA’s investigation into the vulnerability, which has since been remediated, “leant on the likes of the Australian Cyber Security Centre, Australian Financial Crimes Exchange and the Australian Competition and Consumer Commission” to gather the necessary information. The regulator stressed that it is “inexcusable for any telco not to have robust customer ID verification systems in place, let alone Australia’s second largest provider.”

This breach of trust has come at a significant cost for Optus, with the maximum penalty of $826,000 imposed by ACMA.