The Australian Communications and Media Authority (ACMA) has hit Lycamobile with a AU$604,800 infringement notice, following what it called “prolonged and large-scale customer data failures, which could have put people in danger”.
In its investigation, ACMA found 245,902 instances where the telco failed to pass on information to Telstra so it could maintain the Integrated Public Numbers Database (IPND) used by emergency services when responding to 000 calls, as well as the Emergency Alert Service.
“Telcos have a responsibility to help keep Australians safe during natural disasters or life-threatening circumstances,” ACMA chair Nerida O’Loughlin said.
“Lycamobile may have put people’s lives at risk by not passing accurate information on to the IPND.”
The ACMA started its investigation in June 2019, issuing an initial notice and asking Lycamobile for customer records, but the returned information was patchy, with ACMA subsequently expanding its investigation and eventually issuing a second notice in January 2020.
It further said there were 5,671 instances where the telco did not upload data to the IPND for “between three days and nine years” after gaining a customer. It also did not upload complete and accurate information for 240,231 customers, with over 210,000 customers being listed as connected in the IPND when they were disconnected.
The regulator also found another 4,207 instances where Lycamobile failed to conduct proper ID checks before signing up customers.
A preliminary investigation by ACMA claimed the telco failed to take a customer’s name 84 times, but after ruling out incorrectly entered names and people using mononyms, that number was reduced to 45.
“For the remaining 45 entries, the ACMA does not accept that they are actual customer names, as they appear to be keyboard smashes or fictional names,” it said.
Beyond the fine, ACMA said Lycamobile needed to have an independent audit of its systems and processes completed and implement the recommendations from it, and should further infringements be found, ACMA could take the telco to Federal Court where it could face penalties of up to AU$250,000 per breach.