Optus fined $1.5 million for IPND breaches

Optus is the latest mobile carrier fined by the Australian Communications and Media Authority (ACMA) over Integrated Public Number Database breaches.

Announcing the more than $1.5 million fine, the ACMA said between January 2021 and September 2023, Optus failed to upload information to the IPND for nearly 200,000 customers.

The affected customers had bought plans under the Coles Mobile and Catch Connect retail brands.

Location information in the IPND is important to the Triple Zero and Emergency Alert services.

ACMA member Samantha Yorke said the regulator started investigating when a compliance audit indicated Optus failed to upload the data from its customer service as-a-service provider, Prvidr.

“When emergency services are hindered there can be very serious consequences for the safety of Australians,” Yorke said in a statement.

Yorke added that outsourcing operations to a third party didn’t relieve carriers of the responsibility to have systems in place to meet their obligations, “including having robust oversight and assurance processes for third-party suppliers.”

Optus also offered a court-enforceable undertaking to conduct an independent review of its IPND compliance when a third-party data provider is used.

The ACMA has also formally directed Optus to comply with the IPND industry code.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts