The UK’s largest telecoms company has been fined £17.5m ($22.58m) after what communications regulator Ofcom called a “catastrophic” failure of its emergency call-handling service last year.
Ofcom said the telco was “ill-prepared to respond” to the failure which lasted for 10.5 hours on June 25, 2023, despite being “a well-resourced and experienced communications provider”. Its investigation found that BT;
- did not have sufficient warning systems in place to deal with this type of incident;
- did not have adequate procedures for prpmptly assessing the incident’s severity, impact and likely cause;
- did not have adequate procedures in place for identifying mitigating actions.
The investigation also found that “BT’s disaster recovery platform had insufficient capacity and functionality to deal with a level of demand that might reasonably be expected.”
BT is responsible for connecting 999 and 112 emergency calls, and for providing text relay services for deaf and speech-impaired people. Ofcom said “the potential degree of harm was extremely significant.”
How the incident unfolded
The incident unfolded in three stages. At 6:24am on June 25, 2023, BT’s emergency call handling system was disrupted. The cause was later found to be a configuration error in a server file. For an hour, the systems operated by call handling agents restarted as soon as a call was received, agents were being logged out of the system, and calls dropped when they were transferred to the emergency services.
BT was initially unable to identify the cause of the problem, and so took the decision to switch to its disaster recovery platform at 7:33am. But this attempt failed due to human error as staff dealt with poor documentation and an unfamiliar system. The incident, that originally only affected some calls, now became a total system outage.
By 8:50am the rate of unsuccessful calls began to drop as traffic began to successfully migrated to the disaster recovery platform. But that platform struggled with demand, and disruption continued until 4:56pm.
Life and death
During the incident, nearly 14,000 call attempts from 12,392 different users were unsuccessful. While there have been no confirmed reports of serious harm to members of the public occurring as a result of the incident, Ofcom’s Director of Enforcement Suzanne Cater said: “Being able to contact the emergency services can mean the difference between life and death, so in the event of any disruption to their networks, providers must be ready to respond quickly and effectively.
‘In this case, BT fell woefully short of its responsibilities and was ill-prepared to deal with such a large-scale outage, putting its customers at unacceptable risk.
“Today’s fine sends a broader warning to all firms – if you’re not properly prepared to deal with disruption to your networks, we’ll hold you to strict account on behalf of consumers.”
BT was found to have contravened section 105A(1)(c) of the Communications Act 2003 and Regulation 9 of the Electronic Communications (Security Measures) Regulations 2022.
BT must pay the fine within two months of this decision. It includes a 30% reduction as a result of the company’s admission of liability and agreement to settle the case.