Telco Exetel fined $694K for failing to comply with laws that protect customers from scammers

Australian telco Exetel has been fined $694,860 for failing to comply with laws that protect customers from scammers.

An Australian Communications and Media Authority (ACMA) investigation found the company breached the rules on 73 occasions in June and July 2024 after scammers were able to manipulate its systems to bypass parts of the required identity verification processes.

As a result, scammers were able to gain control of mobile number services and access consumers' bank accounts, with reported losses of at least $412,000, the investigation found.

ACMA member Samantha Yorke said Exetel had exposed people to serious financial harm and stress.

"We are aware of reports of significant financial losses suffered by consumers, and we know that this kind of fraud can also lead to misuse of personal information and ongoing emotional harm connected to identity theft," Ms Yorke said.

"While Exetel took steps to fix its issues soon after they were identified, the simple fact is the vulnerabilities should not have existed in the first place and the people impacted should have been protected.

"These scams are often perpetrated by sophisticated criminal syndicates and telcos must ensure their online portals and forms are secure and cannot be compromised."

The financial penalty paid by Exetel is the largest to date for contraventions of these rules.

Exetel is part of the Superloop Group, which has been listed on the ASX since 2015.

"This was a sophisticated attempt by bad actors using credentials obtained illegitimately from external sources unrelated to Exetel or its customers," said an Exetel spokeswoman.

"Whilst there was a gap in our mobile number porting process for a short period, we worked quickly to identify and correct that gap by July 2024.

"We apologise for any inconvenience that the impacted consumers may have experienced.

In June, fellow telco Optus admitted to engaging in unconscionable conduct and agreed to pay a $100 million penalty for selling customers phones and contracts they did not want or need.

The Australian Competition and Consumer Commission (ACCC) sued the telco in October last year over the practices, which affected hundreds of vulnerable customers.

Written by: Tessa Flemming, ABC News.