Exetel Hit with Record Penalty Over Anti-Scam Failures

Key Takeaways

• Record Penalty: Exetel paid $472,505 (AUD 694,860), the largest fine to date for anti-scam rule breaches.
• Consumer Harm: Scammers exploited Exetel’s systems, causing losses of at least $280,160 (AUD 412,000) and exposing victims to identity theft.
• Regulatory Priority: ACMA has flagged mobile number fraud as a compliance priority and is prepared to pursue strong enforcement.
• System Failures: The regulator criticized Exetel for vulnerabilities in its identity verification process, stressing that safeguards should have prevented the breaches.
• National Context: The case ties into the government’s Fighting Scams initiative and the work of the National Anti-Scam Centre.

Deep Dive

Australia’s communications regulator has penalized Exetel nearly $472,505 (AUD 694,860) after uncovering serious breaches that left customers exposed to sophisticated mobile number fraud schemes.

The Australian Communications and Media Authority (ACMA) announced on 27 August 2025 that Exetel paid the penalty following an investigation into its compliance with anti-scam rules. The probe found that in June and July 2024, the telco breached its obligations 73 times, allowing scammers to exploit weaknesses in its systems and bypass identity verification safeguards.

Scammers Exploited Loopholes

The lapses allowed criminals to gain control of customers’ mobile numbers and, in turn, access bank accounts. Reported financial losses linked to the breaches reached at least $280,160 (AUD 412,000), with victims also facing identity theft and ongoing emotional harm.

ACMA Authority Member Samantha Yorke underscored the seriousness of the case.

“Exetel had exposed people to serious financial harm and stress,” she said. “While Exetel took steps to fix its issues soon after they were identified, the simple fact is the vulnerabilities should not have existed in the first place and the people impacted should have been protected.”

Yorke added that the scams often involve organized criminal groups, making it essential that telcos maintain airtight protections around customer authentication.

Record Penalty in Crackdown

The fine is the largest ever imposed under the Telecommunications (Mobile Number Pre-Porting Additional Identity Verification) Industry Standard 2020. The standard requires telcos to confirm the identity of customers before allowing a mobile number to be transferred to another provider, a measure designed to block SIM-swap and porting fraud.

“Telcos must ensure their online portals and forms are secure and cannot be compromised,” Yorke warned. “These scams are often perpetrated by sophisticated criminal syndicates.”

The enforcement comes amid an ACMA crackdown on mobile number fraud, which it has flagged as a compliance priority. The regulator said it is actively monitoring the sector and will pursue strong enforcement action against any providers found in breach of the rules.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.