T-Mobile personal data sale scandal update

As it is a few days since my original post about this I thought I would check the T-Mobile website again since they haven't had the decency to respond to my email asking whether my data was compromised.

This update is now available on their website;

"Update

T-Mobile takes the protection of customer information seriously. When it became apparent that contract renewal information was allegedly being passed on by an employee to third parties without our knowledge, we alerted the Information Commissioner’s Office. Working together with the ICO, they conducted an extensive investigation which we believe will lead to a prosecution.

We believe that this breach happened between July 2007 and November 2008 and that it was only contract renewal data that was passed on. While it is deeply regrettable that customer information has been misappropriated in this way, it should be noted that the stolen data did not include call records, financial data, password details or any other information that would enable someone else to access customers’ personal details.

Since the breach of information occurred more than a year ago, we believe that the current impact on customers will be minimal. We continue to support the ICO to help stamp out what is a problem for the whole industry.

T-Mobile Forum team"

What annoys me is that they are being so dismissive, "we believe....that it was only contract renewal data...was passed on", so, they don't actually know what data their own staff were accessing to sell on.

I hope the Information Commissioner fines T-Mobile as well as jailing the person who actually did the deed as it were, plus the brokers, because they clearly knew they were breaching data protection legislation.

T-Mobile claim no personal financial data has been compromised

Over on T-Mobile's website, once you go to the home page and find the small pink button "Information on T-Mobile data being sold to third parties", which is dwarfed by the latest deals from T-Mobile there are three statements from T-Mobile.

The first, including typo's (four in one statement) is here "T-Mobile takes the protection of customer information seriously. When it became apparent that contract renewal information was being passed on to third parties without our knowledge, we alerted the Information Commssioner's Office. Working together, we identified the source of the breach which led to the ICO conducting an extensive investigation which we believe will lead to a prosecution. Whilst it is deeply regrettable that customer information has been misapproriated in this way, we have proactively supported the ICO to help stamp out what is a problem for the whole industry.

We had been asked before today to keep all information on this case stricly confidential so as to avoid prejudice to the investigation and prosecution. We were therefore surprised at the way in which these statements were made to the BBC today.'

As soon as we have any further information available it will be posted in this thread. Please do not call customer services if you have read this thread as they are unable to provide any information beyond the statement above. As soon as we have any more information it will be pblished here.

T-Mobile Forum Team"

Then there is a much smaller one posted an hour after the original.

"T-Mobile is able to confirm that NO financial data has been passed on to any third parties.

T-Mobile Forum Team"

Although I am sure this is supposed to stop customers worrying, I am not sure it will work.

Anyway, statement number three also went out last night.

"T-Mobile takes the protection of customer information seriously. When it became apparent that contract renewal information was being passed on to third parties without our knowledge, we alerted the Information Commissioner's Office (ICO). It should be noted that the records were restricted to historical information on customers whose contracts were coming up for renewal in a 15-month period up to December 2008. The customer information that was compromised contained no personal financial or security-related information whatsoever.

We were proactive in engaging with the ICO to identify the source of the breach. The ICO is conducting an ongoing investigation which we believe will lead to a prosecution. While it is deeply regrettable that customer information has been misappropriated in this way, information passed on to third parties was restricted to the customer name, address and contractual renewal information. We continue to work with the IC to help stamp out what is a problem for the whole industry.

T-Mobile Forum Team"

So, apparently T-Mobile takes all of this data protection stuff quite seriously, although my question is this, if they have now secured the breach and identified the source of the leak, they must also know which customers data was compromised?

How about contacting them and worrying about them rather than worrying about statements made to the BBC?

Care about your customers not about your image and they may well do the image repair work for you.

Just a thought.

If you want to see the latest statements from T-Mobile, visit their forum page.

T-Mobile sold personal data details to brokers

Staff at one of Britain's main mobile phone companies have been caught selling customers personal data onto brokers, who then sold it onto other mobile phone companies. While I am delighted that the Information Commissioner is taking action on this important matter I really do think he should name the companies concerned.

If I am one of those millions of customers affected I want to know so I can take action to ensure my personal data is secure with that company and also have the choice to change company.

The companies that then went on to buy the data were ringing customers as their contracts neared expiry, taking customers away.

The Information Commissioner, Mr Graham wants a prison sentence in order for those who sell data onto a third party to be properly prosecuted rather than just face a paltry fine, which does not deter those who specialise in stealing and selling the data on.

It is time to get tough, but my message to the Information Commissioner is get the case into court asap so those who have been let down by the original company and those companies who then purchased the data, it is also about giving us the choice to choose.

UPDATE at 19.10
When I first wrote this blog post the company had not been named by any of the main media outlets or the Information Commissioner. However, mobile phone companies 02, Vodafone, Orange, 3 and Virgin were quick to say they were not the subject of the investigation by the Information Commissioner, and it was only then that T-Mobile confirmed it was them.

So, it is indeed the very mobile phone company I had hoped it wasn't, T-Mobile. I am now concerned how secure my data is with them as they hold personal data of mine.

If you are a T-Mobile customer and want to get in touch with them to see how this was allowed to happen here is the link to their contact page.