Australia
Singtel-owned Optus fined A$1.5M for ‘large-scale’ public safety breaches
The Australian comms watchdog impose a A$1.5 million fine on Singtel’s Optus for extensive breaches of public safety rules related to disaster alert services.
AUSTRALIA: On Wednesday (6 March), the Australian Communications and Media Authority (ACMA) announced that Optus, an Australian telecom company owned by Singapore Telecommunications, has paid a fine of A$1.5 million (approximately US$978,150).
This penalty follows the discovery of extensive breaches of public safety regulations concerning emergency services.
As per the ACMA’s press statement, the investigation disclosed that Optus jeopardized the safety of approximately 200,000 mobile customers.
The telecom company failed to upload essential customer information to an emergency services database from January 2021 to September 2023, leaving these customers exposed to potential risks.
The Integrated Public Number Database (IPND), a critical system for sending emergency text messages during disasters and sharing information with local emergency services, became the focal point of the recent issues surrounding Optus.
ACMA member Samantha Yorke expressed concern about the extensive period during which approximately 200,000 customers were exposed to potential risks due to Optus’s failure to comply with IPND regulations between January 2021 and September 2023.
“When emergency services are hindered there can be very serious consequences for the safety of Australians,” Ms Yorke said.
While there is no direct evidence of harm resulting from this non-compliance, Yorke emphasized the alarming nature of the situation.
“Optus cannot outsource its obligations, even if part of the process is being undertaken by a third party.
“All telcos need to have systems in place that ensure they are meeting their obligations, including having robust oversight and assurance processes for third-party suppliers.”
The ACMA initiated investigations after indications from a compliance audit suggested that Optus was neglecting data uploads to the IPND.
In addition to the financial penalty, the ACMA has accepted a court-enforceable undertaking from Optus that requires an independent review of its IPND compliance where it uses a third-party data provider, and make any improvements recommended by the review.
Optus has also been formally directed to comply with the IPND industry code.
“If the ACMA finds Optus fails to comply with the direction or the enforceable undertaking, it may commence proceedings in the Federal Court, which can order penalties up to $10 million per breach or make orders in relation to the undertaking,” the statement wrote.
Optus, through a spokesperson, issued an apology for the incident and acknowledged the absence of proper audits and checks to ensure compliance with IPND obligations.
The company accepted the ACMA’s findings and has committed to an “Enforceable Undertaking,” agreeing to undergo an independent review of its processes to manage IPND compliance.
This incident comes on the heels of Optus experiencing a significant outage in November last year, which affected almost half of the Australian population.
The interruption resulted in millions of customers and businesses being severed from services, creating a chain of disturbances that required almost 14 hours to resolve.
Following the incident, Ms Kelly Bayer Rosmarin, the CEO of Optus, has stepped down. Michael Venter, Optus’ chief financial officer later stepped into the CEO role.
Optus Assumed operational control in 2022 after parent company Singtel’s decentralisation
Back in 2022, Optus management announced that they would take operational control of its business-to-business arm following a decentralisation process by its parent company Singtel.
The Singapore-headquartered Singtel handed operational management of Optus Enterprise over to the Australia-based Optus team in a move that will support the “localised need of [its] business customer[s]”.
Starting from July 1, 2022, Singtel asserted that the transition granted Optus greater operational independence and direct responsibility.
However, details regarding the management of the core communication network utilized by Optus were not disclosed.
At the time, Singtel Group CEO Mr Yuen Kuan Moon said, “Optus has been part of the Singtel stable for two decades and a leading player in the Australian consumer market. ”
“Given the hyper digitalisation that enterprises are currently experiencing, this is also timely as Optus can focus on advancing its growth as a B2B player.”
On 9 November 2023, Singtel announced its first-half net profit rose 83% to S$2.14 billion, boosted by an exceptional gain from regional associate Telkomsel’s integration of IndiHome, the largest fixed broadband provider in Indonesia.
The latest announcement noted that Optus’ operating revenue was up 1%, led mainly by its mobile business, with mobile service revenue rose 3% from customer growth, particularly in prepaid, higher postpaid ARPU and increased Optus Sports subscriptions for the FIFA Women’s World Cup.
Mobile ARPU fell slightly due mainly to a greater proportion of lower ARPU prepaid customers, reflecting demand for lower price plans.
The total mobile customer base grew 167,000 in the first half, with 108,000 new prepaid mobile customers driven by a strong performance by amaysim.
5G device penetration also grew and reached more than 4.2 million.