Aussie Broadband has paid a $213,120 fine after a software error caused it to not properly record VoIP and mobile numbers in a directory service used by emergency services and law enforcement.
The Australian Communications and Media Authority (ACMA) said that Aussie Broadband did not provide information for addition to the integrated public number database (IPND) over 30,000 times between November 2021 and May 2022.
“The IPND is used by Triple Zero to help locate people in an emergency, for the emergency alert ervice to warn of emergencies like flood or bushfire, and to assist law enforcement activities,” the ACMA said.
Chair Nerida O’Loughlin said the authority was “not aware anyone was harmed due to the breaches” but found it “alarming that Aussie Broadband did not have effective processes in place to identify that its customer information was not being provided for over six months.”
An investigation report [pdf] attributes the breaches to “a technical issue with Aussie Broadband’s error reporting software”.
Every upload of data to the IPND generates an “error file report” that providers must access; “the generation of an error file signifies that the upload file [from the retailer] has been processed by the IPND,” according to Communications Alliance technical notes. [pdf]
If there are errors in the upload of phone number information, the error file highlights the problems, enabling retailers to action fixes.
The technical issue on Aussie’s side “resulted in error files not being pushed through to it for review and action,” according to the ACMA’s investigation notes.
