NewsBite

Optus fined $1.5m after ‘alarming’ breach

Close to 200,000 mobile customers were put at risk after the telco giant failed to share critical emergency data.

‘Deeply concerning’: Optus set to swing the axe on 200 jobs

Optus has been hit with a $1.5m fine after it failed to upload the data of nearly 200,000 customers to a critical emergency database.

Australia’s media watchdog said the telco giant was responsible for a “large-scale public safety breach” after it failed to upload customer information to a database used by police, fire and ambulance services to locate people in emergencies between January 2021 and September 2023.

The Public Number Database (IPND) is used to alert Australians of disasters such as floods and bushfires.

ACMA member Samantha Yorke said the watchdog launched its investigation after a compliance audit found Optus had failed to upload data via its outsourced supplier, Prvidr Pty Ltd.

“When emergency services are hindered there can be very serious consequences for the safety of Australians,” Ms Yorke said.

“While we are not aware of anyone being directly harmed due to the non-compliance in this case, it’s alarming that Optus placed so many customers in this position for so long.”

The breach relates to customers using Optus’ Coles Mobile and Catch Connect brands. Picture: Flavio Brancaleone/NCA NewsWire.
The breach relates to customers using Optus’ Coles Mobile and Catch Connect brands. Picture: Flavio Brancaleone/NCA NewsWire.

ACMA commenced its investigation after a compliance audit indicated Optus had failed to upload data via its outsourced supplier, Prvidr Pty Ltd.

In addition to fines, the watchdog has accepted a court-enforceable undertaking from Optus that requires an independent review of its IPND compliance where it uses a third-party data provider.

The telco faces federal court action and fines of up to $10m per breach if it fails to comply with the industry code.

Optus has accepted that proper audits were not put in place for its third-party supplies and has apologised to customers.

“Optus accepts that proper audits and checks were not in place to ensure IPND obligations were being met for services we supply through our partner brands. We apologise for this and accept that we have not met community expectations,” the telco said in a statement.

Original URL: https://www.news.com.au/finance/business/other-industries/optus-fined-15m-after-alarming-breach/news-story/1a92fac1c09fbdef51d48e37a84631d5