The telecommunications watchdog has imposed a fine on Optus for neglecting anti-scam regulations, causing significant financial losses for some customers.
The embattled telecom company, already dealing with the fallout from a deadly emergency services outage, failed to address a system vulnerability. This oversight allowed cybercriminals to exploit the phone numbers of 44 individuals using Coles Mobile services, which are operated by Optus.
An investigation by the Australian Communications and Media Authority (ACMA) revealed that scammers utilized these phone numbers to gain unauthorized access to bank accounts, resulting in financial theft.
At least four customers had their bank accounts compromised, leading to a total loss of $39,000.
As a consequence of these security lapses, Optus faces a fine of $826,320 for incidents that occurred between September and October of the previous year.
ACMA member Samantha Yorke said the fine was the maximum allowed, and reflected the serious level of the breach.
“While this was a one-off issue which was quickly remediated, it is inexcusable for any telco not to have robust customer ID verification systems in place, let alone Australia’s second largest provider,” she said.
“Scammers are always looking for any weaknesses in systems, and on this occasion Optus left a vulnerability which directly exposed people to harm.”
ACMA rules require telcos to verify the identity of people wanting to transfer their numbers to a new provider before a transfer is completed.
Businesses have paid more than $1.9 million for breaches of the standard in the past 12 months.