The telecommunications watchdog has imposed a hefty fine on Optus for not adhering to anti-scam regulations, leaving some of its customers significantly financially impacted.

The beleaguered telecom company, still dealing with the fallout from a deadly emergency services outage, failed to rectify a system vulnerability. This oversight allowed fraudsters to exploit the phone numbers of 44 individuals using Coles Mobile services, which are operated by Optus.

According to an investigation by the Australian Communications and Media Authority (ACMA), these scammers leveraged the compromised phone numbers to gain access to bank accounts and siphon off funds.

The investigation revealed that at least four consumers suffered bank account breaches, leading to a combined theft of $39,000.

As a consequence of these security lapses that occurred between September and October of the previous year, Optus faces a penalty of $826,320.

ACMA member Samantha Yorke emphasized that the fine represents the maximum penalty permissible, underscoring the gravity of the violation.

“While this was a one-off issue which was quickly remediated, it is inexcusable for any telco not to have robust customer ID verification systems in place, let alone Australia’s second largest provider,” she said.

“Scammers are always looking for any weaknesses in systems, and on this occasion Optus left a vulnerability which directly exposed people to harm.”

ACMA rules require telcos to verify the identity of people wanting to transfer their numbers to a new provider before a transfer is completed.

Businesses have paid more than $1.9 million for breaches of the standard in the past 12 months.