A file photo of an Optus sign
Nearly 10 million Australians had their data compromised when Optus fell victim to a data breach. Image by Con Chronis/AAP PHOTOS
  • politics

Optus fined $1.5 million for ‘alarming’ safety breach

Andrew Brown March 6, 2024

Optus has been slapped with a $1.5 million fine by the communications watchdog after the telco was found to have breached public safety rules.

The Australian Communications and Media Authority found Optus did not upload the details of 200,000 mobile customers to a database used by emergency services between January 2021 and September 2023.

The Integrated Public Number Database is used to provide information to police, fire or ambulance services during triple zero calls, as well as being used to issue emergency alerts in disasters such as bushfires.

Samantha Yorke from the authority said an investigation into Optus was launched after a compliance audit found data was not submitted.

“While we are not aware of anyone being directly harmed due to the non-compliance in this case, it’s alarming that Optus placed so many customers in this position for so long,” she said.

“Optus cannot outsource its obligations, even if part of the process is being undertaken by a third party.”

As well as the financial penalty, Optus will be required to carry out an independent review of its compliance with the database, which is court enforced, and adopt any of the recommendations put forward.

Optus could be hit with a further fine of up to $10 million if it does not meet requirements from the review.

“All telcos need to have systems in place that ensure they are meeting their obligations, including having robust oversight and assurance processes for third-party suppliers,” Ms Yorke said.

“When emergency services are hindered, there can be very serious consequences for the safety of Australians.”

An Optus spokesman said it accepted that proper audits were not in place to ensure the database requirements were being met.

“We apologise for this and accept that we have not met community expectations,” the spokesman said.

“Optus has now introduced those audits and checks-over its supplier’s performance to ensure this issue is not repeated. Optus accepts the ACMA’s findings and has agreed to an enforceable undertaking.”

The communications watchdog has hit five other telcos with a combined $2 million in fines for similar database responsibility breaches over the past 18 months.