Three fined £1.9m for 999 call flaw
Ofcom investigation reveals emergency calls were routed through a single data centre
Mobile network operator Three has been hit with a 1.9 million fine after an investigation revealed that a call-routing weakness meant it could not always guarantee customers could access the emergency services.
The flaw was first discovered in October 2016, when Ofcom was alerted to a temporary loss of the Three service to customers in Kent, Hampshire and parts of London.
An investigation launched the following month found that emergency calls on the network were being routed through a specific data centre, and therefore vulnerable to a single point of failure.
Ofcom regulations stipulate that mobile operators much ensure that customers are able to contact the emergency services at all times. However, in the event of an outage, Three's network would have been unable to automatically divert emergency calls to back-up routes, as these were also being funnelled through a single data centre.
Ofcom's penalty of 1,890,000, due to the weakness in the network - rather than a specific outage - incorporates a 30% reduction as a result of Three's continued co-operation, the regulator said, as well as the improvements it has made to its routing configuration.
"Telephone access to the emergency services is extremely important, because failures can have serious consequences for people's safety and wellbeing," said Gaucho Rasmussen, enforcement and investigations director at Ofcom. "Today's fine serves as a clear warning to the wider telecoms industry. Providers must take all necessary steps to ensure uninterrupted access to emergency services."
Three has since made improvements to its network, which now uses multiple data centres to route calls to the mainline BT network.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"Three acknowledges Ofcom's decision today to fine Three for a single point of vulnerability on Three's network," the company said in a statement. "However, this vulnerability has not had any impact on our customers and only relates to a potential point of failure in Three's network.
"Ofcom recognises that the circumstances surrounding the October 2016 fibre break outage were exceptional and outside of Three's control. As a result, the incident itself was not a breach of Ofcom's rules."
Rival network operator EE was also fined 2.7 million in January after an Ofcom investigation found 40,000 customers had been overcharged, some of whom had not been reimbursed.
Image courtesy of Ofcom
Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.