NewsBite

Optus cops massive $826k penalty after scammers bypass verification software, steal $39k from customers

Optus has been hit with a huge penalty over a security flaw that allowed scammers to bypass its systems and defraud customers of as much as $39,000.

Optus has been fined more than $820,000 after scammers managed to dupe some customers out of up to $39,000 and steal their identities by exploiting a flaw in the telco’s third-party verification system.

The Australian Communications and Media Authority (ACMA) found Optus - operating as Coles Mobile - breached anti-scam rules on 44 occasions in September and October 2024.

The watchdog’s investigation found scammers managed to exploit a vulnerability in Optus’ verification software, allowing them to bypass the required process and gain control of at least four people’s mobile services.

Some reported losses of up to $39,000 after the scammers accessed their banking details.

While the issue was quickly remediated, ACMA authority member Samantha Yorke said it was “inexcusable” for any Australian telco not to have robust customer ID verification systems in place.

Optus has been fined $826,320 for breaching anti-scam rules, after scammers were able to bypass a third-party verification system and defraud customers of $39,000. Picture: NewsWire / Nikki Short

“Scammers are always looking for any weaknesses in systems, and on this occasion Optus left a vulnerability which directly exposed people to harm,” she said.

“This is the maximum financial penalty the ACMA was able to give in this matter. It reflects the serious nature of the breaches.”

In total, Optus has been fined $826,320.

In a statement, an Optus spokeswoman said the company sincerely apologises to the customers affected by the fraudulent porting activity.

The spokeswoman said a number of mobile numbers were “unlawfully ported to one of our brands without customer authorisation” as a result of a technical issue managed by Prvidr.

“Optus acted swiftly in collaboration with Prvidr and other telecommunications providers to correct services for affected customers. The technical issue was resolved within 24 hours of being identified,” the spokeswoman continued.

“Prvidr has since enhanced its verification and porting controls, with testing providing assurance of system resilience.”

“We accept the action announced by the ACMA today and reaffirm our commitment to strengthening customer protections. Optus continues to work closely with government, the banking sector, and industry partners to make it increasingly difficult for criminals to misuse telecommunications services for identity theft.”

ACMA says Australian businesses have paid more than $1.9 million for breaches of the industry standard in the last 12 months.

The new financial penalty is an added blow for the beleaguered telco in the wake of its disastrous triple-0 outage.

In September, hundreds of Australians were unable to make emergency calls after a network disruption turned catastrophic.

At least four people who attempted to phone emergency services died.

The latest penalty comes during the ongoing fallout from Optus’ triple-0 outage disaster. Picture: NewsWire / Nikki Short

That same month, the Federal Court slugged Optus with a whopping $100 million fine for exploiting vulnerable Australians in “predatory” conduct.

Between 2019 and 2023, the telco pressured 400 vulnerable Australians into buying products they did not want or need, or could not use or afford.

The Federal Court found the telco failed to explain the terms and conditions of the contracts for sale in a manner people could understand, which resulted in customers not understanding their ongoing payment obligations.

Despite all this, Optus revealed it had attracted 169,000 more customers in the financial year to September.

Optus chief executive Stephen Rue. Picture: Dylan Coker /NewsWire

In its latest earnings update, the telco announced a 27 per cent increase in earnings before interest and taxes to $283 million.

Optus has taken full accountability for the triple-0 outage - something the company said was a “tragic, unacceptable failure” - and announced “significant” changes to strengthen customer focus.

Part of this sweeping transformation will be an independent review into the business.

The review, led by business executive Kerry Schott, will probe any technical and operational factors which contributed to the outage and suggest further improvements.

It is expected to be completed before the end of 2025.

Since December 2020, Optus’ scam protection initiatives have blocked nearly 600 million scam calls and more than 250 million scam SMS messages.

The telco is currently building a dedicated, enterprise-wide scam prevention team led by a recently appointed Director of Scam Prevention, to strengthen defences and develop solutions which detect, prevent and disrupt scams across their network.

Originally published as Optus cops massive $826m penalty after scammers bypass verification software, steal $39k from customers

Original URL: https://www.themercury.com.au/technology/online/optus-cops-massive-826m-penalty-after-scammers-bypass-verification-software-steal-39k-from-customers/news-story/0c8ad376d3587479b4ece46af8aab03c