Vodafone has admitted that an IT error allowed the purchase of pre-paid plans without proper checks.

“The breaches ... resulted from changes to Vodafone’s IT systems that allowed customers to self-select online that their identity had been verified in store, without any further check that this had actually occurred,” the Australian Communications and Media Authority (ACMA) said following a recent investigation.

Vodaphone has reportedly agreed to an enforceable undertaking with the ACMA, after it found the telco had “failed to verify the identity of at least 1028 customers before activating their prepaid mobile services”.

Those 1028 customers signed up during just three days of a the year-long period during which the loophole in the SIM purchase process existed.

The regulator said it “makes no finding regarding any other possible contraventions beyond the 1028 contraventions” Vodafone conceded.

The undertaking will see Vodafone “conduct a review and risk assessment of any future proposed changes to its systems and processes, instigate training programs, conduct compliance audits every six months and report to the ACMA”.

ACMA’s acting chair James Cameron said all telcos “must check that changes to their IT systems don’t run the risk of contravening legal requirements.”