Vodafone Australia, the third largest mobile operator in the country, agreed to improve its processes for verifying the identity of prepaid customers following a probe by the country’s regulator.

The Australian Communications and Media Authority (ACMA) investigation found Vodafone failed to confirm the identities of at least 1,028 customers before activating their mobile service. Under an court-enforceable proposal accepted by ACMA, Vodafone will conduct a review and risk assessment of any future proposed changes to its systems and processes, instigate training programmes, conduct compliance audits every six months and report to the authority.

The breaches occurred between 6 January 2015 and 6 January 2016 and resulted from changes to Vodafone’s IT systems which allowed customers to self-select online their identity had been verified in store without any further checks.

“Verifying the identity of prepaid mobile customers helps law enforcement and national security agencies obtain accurate information about the identity of customers for the purposes of their investigations,” said ACMA acting chair James Cameron.

“Telcos must check that changes to their IT systems don’t run the risk of contravening legal requirements,” he added.