T-Mobile workers accused of selling customer data

Summary:The Information Commissioner's Office is investigating accusations that T-Mobile employees sold millions of customer details

Employees of T-Mobile have been accused of selling millions of customer records, and could be prosecuted by privacy watchdog the Information Commissioner's Office.

The data alleged to have been sold included customers' names, mobile numbers, contract details and the expiry dates of those contracts, an ICO spokesperson told ZDNet UK on Wednesday.

The ICO said the records had been sold through brokers to rival mobile firms, so those firms could cold-call T-Mobile customers when their contracts were due to expire, in order to offer them alternative contracts. The records were sold for substantial amounts of money, according to an ICO press statement on Tuesday.

The news that a mobile operator had been involved in a serious data breach was revealed on Tuesday in a submission by the ICO to a Ministry of Justice consultation. The consultation is asking whether custodial sentences for reckless data breaches would be appropriate.

An accompanying ICO press statement did not specify which mobile operator had been involved. However, it emerged through reports on Tuesday that T-Mobile had kicked off the ICO investigation when it approached the watchdog with concerns about its employees.

T-Mobile said in a statement on Wednesday that other parts of the mobile-phone industry had been involved in the misappropriation of customer data.

"While it is deeply regrettable that customer information has been misappropriated in this way, we have proactively supported the ICO to help stamp out what is a problem for the whole industry," said T-Mobile.

An ICO spokesperson on Wednesday declined to say which phone companies had allegedly bought the T-Mobile customer data, and declined to say if or when the case would go to court.

"It's too early in the investigation to say," said the spokesperson. The ICO is currently preparing a prosecution file.

The maximum fine available to the ICO for reckless data breaches is £5,000. The Ministry of Justice is currently consulting on whether the maximum fine should be raised to £500,000.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.