Optus is sending the mobile phone numbers of customers to websites that those customers are accessing, but has defended the practice, stating that information is only handed to "trusted partners".
Last week, a user on broadband enthusiast website Whirlpool found, when visiting certain websites that Optus has a commercial relationship with, that their phone number was included in the HTTP header of the web request to that site, through a practice known as HTTP Header Enrichment.
The poster said that they discovered the number had been passed on after receiving premium subscription services to a site they had not signed up to.
"If you visit [the website], and presumably thousands of other sites through Optus' network, your phone number is passed to them before you subscribe or consent to anything."
On Wednesday, a spokesperson for Optus confirmed that it is handing over its customers' phone numbers to websites.
"When consumers browse the internet, information about the device they're using is passed on to website owners in order to optimise websites for those users," the spokesperson said.
"Optus adds our customers' mobile number to the information in select circumstances where we have a commercial relationship with owners of particular websites."
The spokesperson insisted that numbers are only sent to "trusted partners", where user authentication is required. It is used for the premium content services where billing is direct to Optus, as well as the My Optus app.
"We sometimes team up with other companies to offer products. If you purchase a product that is delivered by one of our partners, we'll give them the personal information they need to provide it and manage their relationship with you. In these circumstances, we have arrangements in place with our partners that limit their use or disclosure of your personal information to these purposes," the policy states.
A test of the HTTP header information being sent on both Optus and Telstra found that mobile numbers are not being passed on to non-partner websites.
Research conducted in 2012 caught Australian mobile numbers being sent to websites far fewer times than in most other countries.
UK mobile provider O2 was discovered in 2012 to be passing mobile numbers not only onto "trusted partners" including premium content providers, but also inadvertently to a number of other sites.