Overview
- An ACMA investigation found 44 breaches at Optus-operated Coles Mobile in September and October 2024 after scammers bypassed identity checks in a third-party porting system.
- At least four customers had their numbers unlawfully ported and reported bank losses totaling $39,000 through account takeovers.
- The regulator imposed a $826,320 penalty, the maximum allowed under the anti-scam industry code, and called the lapse inexcusable.
- Optus accepted the ruling, issued an apology, attributed the flaw to service provider Prvidr, and said the issue was fixed within 24 hours with enhanced controls.
- The enforcement action compounds scrutiny following a fatal triple-zero outage and a separate $100 million Federal Court penalty, with an independent review led by Kerry Schott due before year’s end.