Slashdot Mirror

← Back to Stories (view on slashdot.org)

T-Mobile UK Employees Sold Customers' Information

Posted by kdawson on from the gone-rogue dept.

angry tapir writes "Workers at T-Mobile UK have been selling customer data to brokers who worked for the competition, according to T-Mobile and the UK's Information Commissioner's Office. Criminal charges are being prepared. 'Many thousands' of customers' account details, millions of records, were sold to several brokers for substantial amounts of money, the ICO said. In an announcement (PDF) from the ICO, the agency does not name the operator involved, but T-Mobile acknowledged that it had alerted ICO about the data breach. The BBC reports that after the other mobile operators said they were not the subject of the investigation, T-Mobile confirmed its involvement."

23 of 65 comments (clear)

  1. T-Mobile Customer by dch24 · · Score: 3, Interesting

    I'm a T-Mobile Customer. I think they did the right thing, coming forward when it was obvious they had a data breach.

    I like T-Mobile, especially because they have great customer support. I have a friend who got overbilled by a lot, and decided to settle instead of going to court over it. My experience with the company though has been pretty good. I'm staying with them.

    1. Re:T-Mobile Customer by fuzzyfuzzyfungus · · Score: 5, Funny

      -1 Stockholm Syndrome.

      "But the ETF is so high becomes he loves me..."

    2. Re:T-Mobile Customer by dch24 · · Score: 2, Informative

      Ha ha. If only I were an AT&T customer ...

      I'm not the only one who likes T-Mobile for their customer support.

    3. Re:T-Mobile Customer by breadstic · · Score: 2, Interesting

      Are you a TMobile UK (or US or Germany or wherever else TMobile do business) customer?

      I'm a TMobile UK customer (because I wanted the G1), and my personally customer support experiences with them have been pretty terrible. They refused to pause my contract when I came traveling (whereas other UK telecommunications companies will do so), they lowered the price of the contract a week after I bought my G1 and wouldn't let me downgrade to the lower tariff and every time I talk to them, they just seem unwilling to help...

      I'll be happy when my contract expires in February and I'll be able to move back to Orange or O2...

      But maybe that's just me... Maybe they just hate me... :(

    4. Re:T-Mobile Customer by 1s44c · · Score: 4, Informative

      I'm a T-Mobile Customer. I think they did the right thing, coming forward when it was obvious they had a data breach.

      Data breach? That was a few months ago when they lost their entire customer database along with credit card numbers. This time they sold their data.

      T-Mobile are the worst phone network going. Their coverage sucks, their customer service sucks, they are willing to abuse their own customers to make a few quid. The only thing going for them is the price.

  2. T-Mobile Operator by Pessimist+Cynic · · Score: 2

    I'm an operator for T-Mobile and I'll only confirm my involvement after all the operators say they are not the subject of the investigation.

  3. Sold to competitors by MorderVonAllem · · Score: 5, Insightful

    At what point do the competitors have to take responsibility for purchasing the data? It seems that they should have known the data wasn't kosher.

  4. No surprise by roc97007 · · Score: 4, Insightful

    The likelihood of valuable data being exploited is proportional to it's marketability. The more important the data, the more likely it will be stolen or otherwise exploited. It doesn't matter if it's a company, a utility or a government.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  5. Vote with your feet by Gandalf_the_Beardy · · Score: 2, Interesting

    I've cancelled direct debits and my contract. Vote with my feet - if they want to be fool enough to sue me for the loss of the contract then they can expect to get countersued for the cost of credit monitoring. Until people start slapping the companies hard by refusing to do business with them this will carry on the UK data protection *laws* are good, but the *penalties* are worthless as a deterrent. It seems they siphoning off millions records. They dont leave the building scribbled down on bits of paper - there is a whole question of access here and how so many people could take this much data for long undetected.

    1. Re:Vote with your feet by ndogg · · Score: 3, Informative

      I've cancelled direct debits and my contract. Vote with my feet - if they want to be fool enough to sue me for the loss of the contract then they can expect to get countersued for the cost of credit monitoring. Until people start slapping the companies hard by refusing to do business with them this will carry on the UK data protection *laws* are good, but the *penalties* are worthless as a deterrent.

      Whom? T-Mobile?

      You must be a hit at restaurants. When the waiter gets your order wrong, I'm betting you tell everyone there to not eat at that restaurant again.

      "When it became apparent that contract renewal information was being passed on to third parties without our knowledge, we alerted the Information Commissioner's Office.

      It seems to me that T-Mobile did the right thing, and contacted the authorities once they figured out what was going on. You want to punish them for that?

      Although, you didn't specify anyone. Perhaps you meant the companies that bought information?

      --
      // file: mice.h
      #include "frickin_lasers.h"
    2. Re:Vote with your feet by stiggle · · Score: 3, Funny

      Contact the ICO and find out if your data was included in the sold information.
      Then sue T-Mobile for not protecting your personal data.
      Then after the court cases, sue the T-Mobile staff who stole the data, the brokers who sold the data, and the other network operators who bought the data.

      T-Mobile customers could if they play this right make a tidy sum of money from sueing the people involved. Remember to get in early before the other customers and ex-customers clean up.

      Of course the real way to handle this is to put a price (say, minimum annual contract price x number of customers) and then use **AA accounting methods and sue those involved for copyright infringement of the data :-)
       

  6. Not exclusive to T Mobile by onetwofour · · Score: 4, Interesting

    I wish this problem was exclusive to T Mobile, I really do. The sad thing is that I've been on two different networks and somehow firms seem to get hold of my mobile number and start calling me offering me an upgrade. The most accurate firm was one who had my full Orange account details, so why wouldn't you trust a firm who knows where you live? When I reported this to Orange they acted surprised but did absolutely nothing about it, probably because data is flowing far too freely around their organisation. My current provider isn't immune either, around 12 months on my previous contract with O2 I had multiple companies each trying to sell me a new contract. They claim it's just on an autodialer of numbers to call and have no personal information about me. However the fact that someone knows I'm on O2 means enough personal data is leaking.

    1. Re:Not exclusive to T Mobile by oPless · · Score: 2, Insightful

      Can somebody say "Data protection act" ?

    2. Re:Not exclusive to T Mobile by Ortega-Starfire · · Score: 3, Funny

      If you read the article, someone has.

      I know, I just come here for the stellar conversations.

      --
      ---- Liquid was a patriot ----
    3. Re:Not exclusive to T Mobile by petejk2 · · Score: 5, Interesting

      High street retailer is assigned numbers to connect in sequential order in lists hundreds at a time: e.g 07738 400500 to 07738 400900 Joe public walks in and buys a handset on contract with a new number 12/18 months later gets a call from a company to sell him a new deal. Asks why? All that company has done is sent someone into said high street retailer, asked to see the phone numbers list on screen and pick one out That person know that in a 12/18 months time he can plug that number range into his dialer with a high probability that his company will be able to do some business! Leakage of personal data? No. Laughably simple scam? Yes

    4. Re:Not exclusive to T Mobile by RMH101 · · Score: 3, Informative

      Yep, it's really common in the UK. The sleazier operators will phone up and say they're from "your phone company", give the impression that they're your current supplier offering you a free upgrade. If you're Joe Sixpack it can be pretty easy to get scammed this way

  7. And why shouldn't they? by Scannerman · · Score: 5, Insightful

    The entire UK (Is it any different elsewhere?) Mobile Phone industry works on ethical standard that would shame organised crime, among the many abuses I've come across :

    * Deceptive tariffs, resulting in unexpectedly large bills, especially the roaming data ( I used to handle the phone admin for a medium sized company, we had a user come back from overseas trips with bills up over a thousand pounds when the free roaming data the salesman told us we'd bought turned out to have a fair use limit of 10MB...)

    * The reverse billing text message scam - some of the companies operating this make tens of millions, and have been fined hundreds of thousands for repeated abuses - they are still in business.

    * your bank details get passed on and you are billed for insurance you never asked for

    * BUYING the stolen data

    Think of these guys as a bit like Chris in the Sopranos, They got impatient and wanted a piece of the action for themselves. They may get a slap on the wrist, but the business is full of worse criminals.

    1. Re:And why shouldn't they? by mjwx · · Score: 4, Informative

      The entire UK (Is it any different elsewhere?)

      Well in nations that have a government willing to keep telco's in line, like in Australia.

      Waiting for the inevitable extremist right wing mod down for suggesting that regulation can actually help the consumer by making sure businesses adhere to the rules.

      OK, things aren't perfect here in Australia, but abuse is kept to a minimum as it only takes one phone call to the TIO (Telecommunications Industry Ombudsman) to sort things out if my telco screws me and if the TIO finds merit in my claim the Telco is ordered to pay for the TIO's investigation as well as any punishment that is handed out.

      I'm with Three (Hutchinson) here in Oz and apart from the gratuitous advertising which is free (fair enough, I haven't asked them to stop yet) serivce has been adequate, all fees and charges were made known up front and were also itemised on my bill.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
  8. patterns by Anonymous Coward · · Score: 2, Informative

    Detect abuse (rising to the level of unauthorized access) of access privileges to access a handful of records? Very hard.

    Detect abuse of access privileges that constitute unauthorized access to "millions of records"? Very easy. It's all about automatically flagging abnormal or unusual patterns of accesses so that they can be audited to determine if they were authorized (highly unlikely at that volume difference) or unauthorized.

    But first the data/system owner has to care about unauthorized access. The DoD and other owners of classified data care. Heck, credit card companies (in the form of their fraud departments) care. Demonstrably T-Mobile UK did not care about unauthorized access.

  9. Taking measures by UnixUnix · · Score: 2, Interesting

    I provide a slightly different version of my personal data each and every time I need to give them out. Thus if they are leaked/sold/whatever I know who did it, and possibly whom to blame/drop/sue. [Actually, I'm a T-Mobile customer and I haven't had problems. Then again, I don't live in the UK :) ]

  10. Re:Who bought the stolen records? by itsdapead · · Score: 3, Informative

    So.. who actually bought the stolen records if T-mobile employees sold them to other operators but no other operators were involved?

    Ans: Third party phone retailers (or, at least, their employees). Not the sort that sell SIM-free phones, the sort that act as agents for the networks and mostly sell phones on contract.

    At least, that's who I was getting cold-called by when my T-Mobile contract ran out. Of course, they did their best to use weasel words to imply that they were calling from T-Mobile without actually saying so.

    I assume that the game was to try and get you to sign a new T-Mobile contract with them as agent, so they would get the commission.

    --
    In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
  11. Re:I wonder what celebrities do... by rapiddescent · · Score: 4, Informative

    Interestingly, some of the UK mobile operators have bankers licences and are therefore governed by the FSA (financial services authority). The FSA defines a PEP marker (Politically Exposed Person) on records and these typically have greater sensitivity than the rest and each access is audited. Anyone who thinks they are 'famous' can become a PEP on request - politicians, david beckham's, recognised government officials, company execs are using this device more and more.

    Whilst it might seem like a good idea to register yourself as a PEP (e.g. I'm famous on slashdot), it can be a pain in the arse because some banks etc will not send out new credit cards directly to a PEP.

    Using alias's is illegal if done incorrectly. Using an alias as a "stage name" is OK for celebs, but not so great for politicians. Also, it's not a great idea to buy a phone contract with an (!deedpoll) alias.

  12. It's not just TMobile. by CountBrass · · Score: 2, Insightful

    I have my 'phone with 02 and I've been getting these cold calls as well.

    --
    Bad analogies are like waxing a monkey with a rainbow.