Telstra’s nationwide mobile outage was triggered by an undocumented network change that activated an unpatched GPS card, exposing weaknesses in the carrier’s change controls and maintenance systems.
The company told a Senate hearing on Friday that engineers had altered a Melbourne time synchronisation server within the past six months to resolve an unrelated fault.
That workaround promoted the server from a Stratum 3 device to a Stratum 1 authority, allowing it to determine the network’s date and time through its onboard GPS card.
The change was never formally documented. The GPS card was also missing a firmware update that Telstra had been reminded to install in 2020 and again in 2022.
Together, the two failures caused part of the mobile network to reportedly reset its internal date from 2026 to November 2006, disrupting services across Australia.
The disclosure adds a serious change-management failure to Telstra’s earlier explanation, which broadly attributed the outage to a malfunctioning mobile network timekeeping node.
Mobile networks require precise and consistent timing to authenticate devices, coordinate traffic and establish secure connections across thousands of interconnected systems.
Telstra distributes time through the Network Time Protocol, or NTP, using a hierarchy that begins with authoritative reference clocks and passes timing data through successive network layers.
Under Telstra’s standard design, the Symmetricom SSU-2000 unit involved in the outage operated as a Stratum 3 device and obtained its time from a Stratum 2 source.
Chief executive Vicki Brady says the Melbourne unit had stopped receiving time correctly from the server above it in the hierarchy.
“The NTP server in Exhibition St (in Melbourne) had an underlying software configuration, such that when the device restarted, it reset the date to 2006,” Telstra said in a submission to the inquiry.
Engineers responded by redesigning the unit so that it relied on its internal GPS card, rather than continuing to obtain its date and time from another network server.
The workaround made a previously unused GPS function critical to the network. However, the software controlling that function had not been updated.
Brady says Telstra’s technical teams had considered the firmware update but decided it was unnecessary because the affected GPS feature was not being used under the original design.
The explanation points to a breakdown between Telstra’s network modification and patch-management processes. A change that activated the GPS card did not trigger a reassessment of its firmware status.
It also raises questions about why an undocumented alteration to a nationally important timing server could remain in operation without formal review, testing or comparison with standard configurations.
Publicly available documentation indicates the SSU-2000 platform is about 24 years old, although the age of the specific Telstra unit and its individual components was not disclosed.
Older GPS cards can use a legacy counter that resets after 1024 weeks, or just under 20 years, unless firmware accounts for the rollover.
Once Telstra’s Melbourne server began treating its GPS card as the authoritative time source, the rollover reportedly shifted the network date back to November 2006.
Customers reported that their mobile devices displayed 2006 instead of 2026 after reconnecting to Telstra’s network, reflecting a time difference of about 20 years.
An incorrect device or network date can break Transport Layer Security authentication because digital certificates are valid only within specified time periods.
Systems may reject otherwise legitimate certificates when the date appears decades out of range, preventing devices from establishing authenticated and encrypted connections.
Telstra operates other NTP nodes across Australia, including in Sydney and Perth. Brady said those units continued operating under the carrier’s standard design.
The outage has also produced thousands of compensation claims from customers and businesses that lost access to Telstra services.
Chief financial officer Michael Ackland told the hearing that Telstra had received about 8000 compensation requests and had paid approximately $100,000 at that point.
Ackland says larger claims were still being assessed, meaning the final cost of the outage remained uncertain.
Telstra has appointed Technology Audit Partners to conduct a full investigation into the incident, including the technical failure and the internal processes surrounding the undocumented change.
The inquiry will need to determine not only why the GPS firmware remained unpatched, but how a temporary workaround altered critical infrastructure without being properly recorded.

