Optus has been fined $1.5 million after the communications watchdog found large-scale public safety breaches.
Subscribe now for unlimited access.
$0/
(min cost $0)
or signup to continue reading
The telco failed to upload the data of nearly 200,000 customers to a database used to warn Australians of emergency disasters and help locate Triple Zero calls, the watchdog found.
The investigation by the Australian Communications and Media Authority (ACMA) identified that customer information of Optus partner brands Coles Mobile and Catch Connect data was not uploaded to the Integrated Public Number Database (IPND) between January 2021 and September 2023.
ACMA member Samantha Yorke said there could have been "serious consequences for the safety of Australians" if emergency services were hindered.
"While we are not aware of anyone being directly harmed due to the non-compliance in this case, it's alarming that Optus placed so many customers in this position for so long," she said.
"All telcos need to have systems in place that ensure they are meeting their obligations, including having robust oversight and assurance processes for third-party suppliers."
The ACMA investigation began after a compliance audit indicated the telco had failed to upload the data through its outsourced supplier Prvidr Pty Ltd, Ms Yorke said.
Optus to ensure breach 'is not repeated'
An Optus spokesperson said the telco apologised and accepted it had not met community expectations.
"Optus accepts that proper audits and checks were not in place to ensure IPND obligations were being met for services we supply through our partner brands," the spokesperson said.
"Optus has now introduced those audits and checks-over its suppliers' performance to ensure this issue is not repeated."
The telco accepted the ACMA's findings and agreed to an enforceable undertaking to complete an independent review of its processes in managing compliance with the IPND obligations for partner brands, and make improvements if required.
The ACMA could take Optus to the Federal Court with penalties up to $10 million per breach if it fails to comply with the directions.
It's the fifth telco the ACMA has taken action against for IPND breaches in the past 18 months.
It comes after more than 2000 calls to triple zero were not connected due to a widespread Optus outage on November 8, 2023.
It led to the resignation of the telco boss Kelly Bayer Rosmarin after a turbulent three years in the role, which included the 2022 Optus data breach.