The telecom regulator has warned that large-scale breaches are “dangerous” and may “put lives at risk”.
Telstra has been fined $2.53 million after the Australian Communications and Media Authority (ACMA) uncovered large-scale privacy breaches that potentially put people’s safety at risk.
Its investigation found nearly 50,000 instances where Telstra failed to correctly upload an unlisted – or silent – number of a customer’s choice to a database used by emergency services, police and national security agencies.
This meant that these numbers could be published in public phone directories or made available through directory services.
ACMA also found that Telstra failed to provide data or optionally update databases for its Belong customers on more than 65,000 occasions.
The system, called the Integrated Public Number Database (IPND), is made up of Australian phone numbers and their owner details.
It is used by public phone directories, and provides an important resource to support the work of Australia’s emergency services, law enforcement and national security agencies.
ACMA President Nerida O’Loughlin said the database’s failure to provide the necessary information meant Telstra could potentially put people’s safety at risk.
“When people request a silent number it is often for very important privacy and security reasons, and we know that publishing their details can have dire consequences,” she said.
“IPND is used by Triple-0 to help locate people in emergencies, to warn of emergencies such as floods or wildfires for the Emergency Alert Service, and to assist law enforcement activities. for.
“Provision of these critical services may be hampered and lives may be at risk if the data is missing, incorrect or out of date. It’s worrisome that Telstra could be getting it so wrong on such a large scale. ,
A Telstra spokesperson said the company does not meet its or its customers’ high expectations in terms of its privacy and security obligations.
“We self-reported these issues to ACMA and took steps to correct them,” he said.
“We accept the ACMA findings and have paid the infringement notice.”
ACMA’s action follows findings in 2019 that Telstra had breached similar obligations.
“Telstra initially self-reported these cases and moved quickly to correct them. However, this is not Telstra’s recent major violation of these rules, which is why ACMA has taken this action,” said Ms. O. ‘ said Laughlin.
All telecom companies are required to upload the subscriber information to IPND for each service they provide.
This includes the telephone number, the name and address of the customer and whether the customer wants their number to be listed or unlisted.
Flagging a number as listed or unlisted determines whether customer details are available in public phone directories and directory support services.
It is the latest action in ACMA’s ongoing campaign to improve the accuracy of the IPND and reduce the risk of harm to Australians.
In 2018 and 2020, ACMA took action against a total of 26 telcos for non-compliance with upload rules, including giving remedial directions.
Earlier this year ACMA fined Lycamobile $600,000 for violating the rules.
If Telstra fails to comply with its obligations in the future, ACMA may initiate proceedings in federal court for civil penalties of up to $10 million per violation.