From: Jon Turner (jjturnergmail.com)
Date: Tue Nov 17 2009 - 14:19:00 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.guardian.co.uk/uk/2009/nov/17/t-mobile-phone-data-privacy

The personal details of thousands of mobile phone customers have been stolen
and sold on to rival firms in the biggest data breach of its kind, the
government's privacy <http://www.guardian.co.uk/uk/privacy> watchdog said
today.

An employee of the phone operator T-Mobile sold the personal records of
customers, which included details of when their mobile phone contracts
expired. The millions of items of information were then sold on for
"substantial sums", the Information Commissioner's Office (ICO) said. Rival
networks and mobile phone retailers were then able to use it to try to lure
away T-Mobile customers by "cold calling" them.

The ICO is pushing for stronger powers to halt the growing unlawful trade in
personal data, which is understood to be on the increase as a result of
cut-throat competition among the mobile phone companies. They pay hefty
commissions to anyone signing up new customers to long-term contracts, which
can last as long as two years.

The ICO did not name the network at the centre of the allegations, but a
spokesman for T-Mobile confirmed that it had "proactively" approached the
watchdog when it unearthed evidence that an employee, who has since left the
company, had been illegally selling customer account details. "We have since
put systems in place to minimise the risk of it happening again," a T-Mobile
spokesman said.

The employee is alleged to have sold details, including information about
when individual customers were due to come to the end of their contracts, to
a number of "brokers", who then sold that data on to rival networks and
mobile phone retailers.

"The number of records involved runs into the millions, and it appears that
substantial amounts of money changed hands," the ICO said.

T-Mobile's rivals were then able to target specific customers to try to
persuade them to sign new contracts. The ICO said it had already raided a
number of premises in the course of its investigation and was preparing a
prosecution file.

"Many people will have wondered why and how they are being contacted by
someone they do not know just before their existing phone contract is about
to expire," said the information commissioner, Christopher Graham. "We are
considering the evidence with a view to prosecuting those responsible and I
am keen to go much further and close down the entire unlawful industry in
personal data."

T-Mobile expressed "surprise" that the ICO had decided to go public with the
investigation before bringing the case to court. "Up until today, we were
asked to keep this issue confidential for legal reasons, and we are
surprised to see this has been made public," a spokesman said.

But the ICO is pushing for breaches of data protection law to be punishable
with prison sentences rather than merely fines. News of the mobile phone
scam emerged as part of the watchdog's submission to a Ministry of Justice
inquiry into the use of prison sentences for the known or reckless misuse of
personal data.

To back up its call for custodial sentencing, the ICO said it is also
investigating a separate case in which forged identity documents were used
to gain unlawful access to 41 people's credit files held by a credit
reference agency. The police, meanwhile, have investigated a number of
incidents where their own staff have unlawfully accessed people's personal
details from the olice national computer.

_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]