Telstra has been fined $2.5 million for a huge privacy breach.
It is a record for a fine issued by the Australian Communications and Media Authority, after the telecommunications giant broke rules designed to protect consumer privacy and safety.
ACMA’s investigation found Telstra failed to upload a user’s choice of number as unlisted to the Integrated Public Number Database on almost 50,000 occasions.
This meant the numbers were available to be published in public phone directories.
The investigation also found Telstra didn’t provide or update data of its Belong customers to the IPND on more than 65,000 occasions.
That database is used by emergency services, including by triple-zero when trying to locate people, along with law enforcement and national security agencies.
Telcos must upload customer details to the IPND, including phone number, name and address, along with if a number is to be unlisted.
ACMA chair Nerida O’Loughlin said Telstra’s breaches were alarming.
“When people request a silent number it is often for very important privacy and safety reasons, and we know that the publication of their details can have serious consequences,” she said.
“The provision of these critical services can be hampered and lives put in danger if data is missing, wrong or out of date. It is alarming that Telstra could get this so wrong on such a large scale.”
Ms O’Loughlin said Telstra self-reported and quickly corrected its mistakes, but had breached the same obligations in 2019.
Telstra has paid the fine.