“ICANN considers this to have been one of the more serious breaches of its policies by an accredited registrar. We are also very concerned by Melbourne IT’s explanation that the incident happened because Melbourne IT had purportedly ‘delegated’ to a reseller the critical responsibility for obtaining the consent of the registrant prior to submitting a transfer request to the registry [...] While we appreciate Melbourne IT’s report that it has withdrawn the offending reseller’s ability to independently initiate transfers, Melbourne IT has indicated that it intends to continue to operate under agreements with other resellers that provide that Melbourne IT will not directly and independently verify the intent of registrants prior to initiating transfer requests.”
http://www.smh.com.au/news/Breaking/ICANN-review-blames-Melb-IT-for-hijack/2005/03/15/1110649182358.html