Scammers Exploit Southern Phone Weaknesses as Regulator Issues Record Penalty

Key Takeaways

• Southern Phone Penalty: Southern Phone paid $1,607,600 (AUD 2,500,560) for failing to prevent scammers from hijacking customer mobile numbers.
• 168 Breaches Identified: Fraudsters bypassed identity-verification rules on 168 occasions between July 2024 and February 2025.
• Consumer Losses: At least 20 victims reported $252,400 (AUD 393,000) in combined financial losses.
• Mandatory Oversight: A 36-month court-enforceable undertaking requires independent process reviews, security testing, and regular reporting.
• Regulatory Crackdown: ACMA says number-porting fraud is an established scam tactic and warns more enforcement actions are ahead.

Deep Dive

Southern Phone is facing tough scrutiny after paying $1,607,600 (AUD 2,500,560) in penalties, the highest fine the Australian Communications and Media Authority has ever issued for this type of failure, for giving scammers an easy path to take over customers’ mobile numbers.

The breaches weren’t minor slip-ups. Over eight months, from July 2024 to February 2025, fraudsters managed to exploit Southern Phone’s systems 168 times, bypassing identity checks that were supposed to block unauthorized number transfers. Once scammers seized control of a victim’s mobile service, it often meant direct access to bank accounts and personal information.

Twenty people who came forward reported losing $252,400 in total (roughly AUD 393,000). For many, the financial hit was only part of the ordeal.

“These individuals endured real harm—not just money lost, but the anxiety and emotional toll that identity fraud brings,” ACMA Authority Member Samantha Yorke said. She stressed that the failures persisted for more than a year without detection or remediation. “This shouldn’t have taken that long to catch.”

The regulator isn’t just collecting the fine and walking away. Southern Phone must undergo three years of independent oversight, including security reviews, system tests, and regular reporting. ACMA wants proof the telco can shut the door on scammers going forward.

Mobile-number theft has become a preferred scam tactic because of how quickly it can unlock financial accounts, and because it takes advantage of telcos that aren’t watching closely enough. According to ACMA, more than $2.96 million (AUD 4.6 million) in penalties have already been issued to telcos under its current crackdown.

Yorke said the industry can’t pretend this is a one-off.

“This is the third time this year we’ve seen criminals exploit weaknesses in number-porting systems,” she said. “Telecommunications providers need to toughen their defenses—scammers clearly know where to look.”

Australia’s Mobile Number Pre-Porting Additional Identity Verification rules require identity checks before a number can be moved to a new service. ACMA’s message is simply to follow the law, or expect consequences.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.