T-Mobile staff sold customers' details to rivals

Personal information held on millions of accounts passed on in major case of sabotage

Amy Fallon
Tuesday 17 November 2009 20:00 EST
Comments

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The records of millions of T-Mobile customers have been sold to rival phone companies in one of the biggest cases of industrial sabotage in recent years.

The Information Commissioner's Office (ICO) said employees at the German-owned firm appeared to have passed the confidential details of accounts to several brokers in return for "substantial sums of money".

The scam emerged in the ICO's submission to the Government on penalties for deliberate data theft. It involved the sale of millions of individual pieces of data of thousands of phone users, the ICO said.

The third parties are thought to have cold-called customers whose contracts were due to expire, on behalf of rival networks, offering them cheaper calls, phone upgrades or other inducements in a practice known in the industry as "slamming".

T-Mobile called in the ICO, the data watchdog, once it became aware of the breach. When the investigators raided addresses, they found that the scam involved millions of records.

The German-owned company expressed anger that the media had been alerted to the breach when it had believed it would be kept out of the spotlight until the case came to court. "T-Mobile takes the protection of customer information seriously," Britain's fourth largest mobile operator said. "When it became apparent that contract renewal information was being passed on to third parties without our knowledge, we alerted the ICO.

"We had been asked to keep all information on this case strictly confidential so as to avoid prejudice to the investigation and prosecution," the company added. "We were therefore surprised at the way in which these statements were made [by the ICO]."

The Information Commissioner, Christopher Graham, divulged the existence of the scam as he called for tougher sentences on individuals who breach data protection laws.

He did not at first name the operator involved, saying it could prejudice a prosecution, but said the stolen information included names, addresses, telephone numbers and other contract details.

But after Orange, Vodafone, 3, Virgin and 02 said they were not the subject of an investigation, T Mobile was forced to confirm its involvement.

Mr Graham said: "Many people will have wondered why and how they are being contacted by someone they do not know just before their existing phone contract is about to expire.

"We are considering the evidence with a view to prosecuting those responsible and I am keen to go much further and close down the entire unlawful industry in personal data."

The Justice Secretary, Jack Straw, is consulting on whether to introduce jail terms for breaches of Section 55 of the Data Protection Act from 1 April 2010.

Jill Johnstone, director of Consumer Focus, said: "Those responsible for trading the personal details of mobile users should face a tough penalty. This is a serious incident and shows the need for tighter data security among mobile phone providers. Customers at risk should be informed immediately and put on alert about marketing calls."

Shadow Justice minister Eleanor Laing said: "We need a beefed-up information commissioner with a full set of punitive strings to his bow, including the power to fine organisations."

The Liberal Democrat home affairs spokesman Chris Huhne said: "This sorry episode questions the Government's wisdom in getting communications providers to hoard increasing amounts of information about us."

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in