T-Mobile workers accused of selling customer data

T-Mobile workers accused of selling customer data

Summary: The Information Commissioner's Office is investigating accusations that T-Mobile employees sold millions of customer details

TOPICS: Security

Employees of T-Mobile have been accused of selling millions of customer records, and could be prosecuted by privacy watchdog the Information Commissioner's Office.

The data alleged to have been sold included customers' names, mobile numbers, contract details and the expiry dates of those contracts, an ICO spokesperson told ZDNet UK on Wednesday.

The ICO said the records had been sold through brokers to rival mobile firms, so those firms could cold-call T-Mobile customers when their contracts were due to expire, in order to offer them alternative contracts. The records were sold for substantial amounts of money, according to an ICO press statement on Tuesday.

The news that a mobile operator had been involved in a serious data breach was revealed on Tuesday in a submission by the ICO to a Ministry of Justice consultation. The consultation is asking whether custodial sentences for reckless data breaches would be appropriate.

An accompanying ICO press statement did not specify which mobile operator had been involved. However, it emerged through reports on Tuesday that T-Mobile had kicked off the ICO investigation when it approached the watchdog with concerns about its employees.

T-Mobile said in a statement on Wednesday that other parts of the mobile-phone industry had been involved in the misappropriation of customer data.

"While it is deeply regrettable that customer information has been misappropriated in this way, we have proactively supported the ICO to help stamp out what is a problem for the whole industry," said T-Mobile.

An ICO spokesperson on Wednesday declined to say which phone companies had allegedly bought the T-Mobile customer data, and declined to say if or when the case would go to court.

"It's too early in the investigation to say," said the spokesperson. The ICO is currently preparing a prosecution file.

The maximum fine available to the ICO for reckless data breaches is £5,000. The Ministry of Justice is currently consulting on whether the maximum fine should be raised to £500,000.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Fine & Jail time...

    Both should be applied to all involved irregardless of when and where each of them where involved both those selling and those buying, the fines applied should be MASSIVE, BIBLICAL, and so should the jail times.

    If you need reason enough to justify the punishments then simply put it down to the equivalence of them having Burgled as many customer homes, as well as selling and others knowingly buying stolen goods, but on a massive scale.

    Punishment needs to be proportionate to the crime, and its a MASSIVE crime.
  • Agree

    I'm on T-mobile explains some of the calls I had 12 mths ago...

    If I get em next March I will complain!
  • Aye...

    I'm with them myself I haven't had as many cold calls though, but I have being inundated with third party text message promotions.
  • Agree

    Would that be like Nokia pushing ovi store to an android user?
  • All types really..

    Just a mish mash of all types really, I just delete them and tend not to take to much notice, but you do start to wonder where there getting your details from.