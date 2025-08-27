Exetel fined $694k over system 'vulnerability' for mobile number porting

By

Ported numbers used to steal from bank accounts.

Exetel has been penalised $694,000 after scammers were able to port mobile numbers to the telco and use them to steal hundreds of thousands of dollars from bank accounts.

Exetel fined $694k over system 'vulnerability' for mobile number porting

An investigation [pdf] by the Australian Communications and Media Authority (ACMA) found that unspecified “bad actor/s” were able to port 73 numbers to Exetel through an online portal, with some required identity checks taking place.

“This occurred via a deficiency in Exetel’s system,” the ACMA said.

For a further five numbers, it appears the bad actors were able to “manipulate … systems” in some way, according to a media statement.

Details of this are redacted from the investigation report, which states only that “bad actor/s” took an unspecified action “so they could proceed with an unverified [mobile number] port.”

In total, the ported numbers were used to steal at least $412,000 from bank accounts.

“While Exetel took steps to fix its issues soon after they were identified, the simple fact is the vulnerabilities should not have existed in the first place and the people impacted should have been protected,” ACMA member Samantha Yorke said.

“These scams are often perpetrated by sophisticated criminal syndicates and telcos must ensure their online portals and forms are secure and cannot be compromised.”

Yorke added that the penalty paid by Exetel “is the largest to date for contraventions of these rules.”

The incidents took place mid last year, with the ACMA concluding its investigation back in February.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
exetelsecuritytelco/isp

Sponsored Whitepapers

What 4 wholesale distribution challenges aren&#8217;t going away anytime soon?
What 4 wholesale distribution challenges aren’t going away anytime soon?
State of the SOC: Building Resilience in a Shifting Threat Landscape
State of the SOC: Building Resilience in a Shifting Threat Landscape
Transform IT Service Delivery with Freshworks ITSM
Transform IT Service Delivery with Freshworks ITSM
Digital Transformation That Works in the Real World
Digital Transformation That Works in the Real World
Beyond the Breach: Logicalis Delivers Scalable, Business-Aligned MXDR Security
Beyond the Breach: Logicalis Delivers Scalable, Business-Aligned MXDR Security

Events

Most Read Articles

Travel eSIMs secretly route traffic over Chinese and undisclosed networks: study

Travel eSIMs secretly route traffic over Chinese and undisclosed networks: study
Greater Western Water's billing system data issues laid bare

Greater Western Water's billing system data issues laid bare
Microsoft plans full quantum-resistant cryptography transition by 2033

Microsoft plans full quantum-resistant cryptography transition by 2033
TPG Telecom reveals iiNet order management system breached

TPG Telecom reveals iiNet order management system breached
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?