Three Australian Telcos Get Warnings From ACMA for Violations Opening Doors To Identity Theft

Three Australian Telcos Get Warnings From ACMA for Violations Opening Doors To Identity Theft

ACMA is cracking down on telcos who fail to verify customer info when they migrate from other operators which leaves customers vulnerable to identity theft. Telstra, Aldi Mobile, and Optus have received formal notices with warnings.

The Australian Communications and Media Authority (ACMA), an Aussie telecommunications watchdog, has issued formal notices to the three telcos notifying them that they had failed to validate customer details when they switched carriers.

ACMA found that Aldi Mobile, which is powered by Medion Mobile and owned by Lenovo, did not follow the rules on 53 occasions. Telstra was found to have failed to do so 52 times and Optus – once.

“Historically it has been too easy to transfer phone numbers from one telco to another. All a scammer needed to hijack a mobile number and access personal information like bank details was a name, address and date of birth,” ACMA chair Nerida O’Loughlin said.

“We are cracking down on telcos that don’t follow the rules and leave customers vulnerable to identity theft.”

ACMA said victims of mobile number fraud typically lost over AU$10,000 and struggled to “regain control of their identities for long periods of time”.

The Australian regulator said some telcos have stopped the practice after new rules for validating customer information came into effect last year.

ACMA said victims who have been impacted by an identity theft need to contact their company and notify the bank, report it to the police, Scamwatch, and the Australian Cyber Security Centre, and change passwords.

The ACMA warned the telcos that further violations may entail an AU$250,000 fine per breach.

Earlier this week, Lycamobile paid a AU$600,000 fine the ACMA imposed on it after the regulator found “prolonged and large-scale customer data failures, which could have put people in danger”. ACMA found 245,902 instances where the company failed to provide information to Telstra to  be added to the Integrated Public Numbers Database (IPND) for use by emergency services.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.