The Australia Communications and Media Authority (ACMA) has filed proceedings in the Federal Court against Optus Mobile Pty Ltd (Optus).
ACMA alleges that during a data breach which occurred between September 17-20, 2022, Optus failed to protect the personal information of its customers from unauthorised interference or unauthorised access as required under the Telecommunications (Interception and Access) Act 1979 (Cth).
The breach saw hackers steal personal information such as names, dates of birth, phone numbers, and email addresses from around ten million current and former Optus customers.
Optus said it would defend the matter in a statement issued this week. “Optus has previously apologised to its customers and has taken significant steps, including working with the police and other authorities, to protect them,” the statement said. “It has also reimbursed customers for the cost of replacing identity documents.”
This follows Optus paying a penalty of more than AUD1.5 million in March 2024 after ACMA found large-scale breaches of public safety rules by the telco.
A separate ACMA investigation found Optus left close to 200,000 mobile customers (supplied under the Coles Mobile and Catch Connect brands) at risk by failing to upload required customer information to the Integrated Public Number Database (IPND) between January 2021 and September 2023.
Critical services like the Emergency Alert service use the IPND to warn Australians of disasters. IPND also provides location information to the police, ambulance, and fire brigade, sourced from 000 calls.
Over the past 18 months, the ACMA has taken action against five telcos for IPND breaches, with financial penalties totaling more than AUD2 million.
