Optus Mobile has been fined $826,320 after an investigation by the Australian Communications and Media Authority (ACMA) found the company breached anti-scam rules on 44 occasions, allowing scammers to take control of customer mobile numbers and access bank accounts.
The breaches occurred in September and October 2024 while Optus was operating the Coles Mobile service. According to ACMA, scammers exploited a vulnerability in a third-party identity-verification system used by Optus, enabling them to bypass required security checks during mobile number transfers. At least four consumers had their mobile services compromised, leading to reported financial losses of $39,000 and instances of identity theft.
ACMA Authority Member Samantha Yorke said the incident highlights the serious consequences of weaknesses in telco identity-verification processes. She described the failure as “inexcusable,” noting that scammers actively search for gaps in systems and that robust verification is essential to protecting consumers.
While the issue was quickly rectified, ACMA imposed the maximum penalty available for this category of breach. The authority has identified mobile number fraud as an enforcement priority, with more than $1.9 million in penalties issued over the past year for failures to comply with the Telecommunications (Mobile Number Pre-Porting Additional Identity Verification) Industry Standard 2020.
ACMA urged consumers to contact their telco and financial institution immediately if they suspect their number has been compromised or they have been targeted by a phone-based scam.
