T-Mobile faces backlash after consumer data loss
Share
T-Mobile is facing consumer backlash after it was revealed that an employee had been selling customer data to third party companies.
The mobile operator has admitted that an employee is facing prosecution after selling personal details of thousands of British customers to rival companies in an alleged major breach of data protection laws.
In a statement, T-Mobile UK, part of Deutsche Telekom, said it had contacted the Information Commissioner’s Office (ICO) after discovering an employee was passing on the information and it believed the investigation would result in a prosecution.
“While it is deeply regrettable that customer information has been misappropriated in this way, we have proactively supported the ICO to help stamp out what is a problem for the whole industry,” the company says.
Information Commissioner Christopher Graham said the data was sold for “substantial amounts of money” to brokers working for other mobile phone companies.
The privacy watchdog said it planned to prosecute and would push for jail terms for anyone convicted. Rival companies bought the information and used it to make cold calls to the customers offering them a new contract with a new network.
Latest Jobs
Marketing Manager
Ball & HoolahanDirect Marketing Manager
TNT PostMarketing Manager
SugarfreeMarketing Manager
StralforsCommunications Officer
University of Oxford
Job of the Week
Jobs Search
Top Jobs
Latest Jobs
Marketing Manager
Ball & HoolahanDirect Marketing Manager
TNT PostMarketing Manager
SugarfreeMarketing Manager
StralforsCommunications Officer
University of Oxford
Readers' comments (5)
Paul Eveleigh, EHS Brann Discovery | Wed, 18 Nov 2009 11:39 am
The recent news concerning the theft of mobile telephone renewal contract information by employees from German operator T-Mobile, which has subsequently been sold on to several brokers, highlights the fundamental requirement for robust data governance within any organisation storing personal information.
A comprehensive data governance strategy should have multiple objectives, but its primary focus must be on ensuring the security and proper use of customer information through good audit controls. These may include disabling USB Storage ports and CD/DVD writing on PC’s, deploying full laptop encryption, securing data areas both logically and physically, controlling and auditing data movement. All such actions can mitigate against data loss and theft.
With endless data breeches reported in the press over the last year and a general mistrust by consumers of companies and brands who collect their personal information, demonstrating a clear compliance with data management best practice should be the very least such a strategy should deliver. Beyond this, data governance has the potential to become more than a safety net to help organisation’s avoid breaking Data Protection, other legislation and best practice. A comprehensive governance strategy can be instrumental in supporting an organisation in more effectively managing and utilising customer insight; vital in the context of business today, where recognition of the central role customer understanding has to play in guiding and enriching every interaction between consumer and brand becomes ever clearer.
Unsuitable or offensive? Report this comment
james collins | Wed, 18 Nov 2009 12:58 pm
Or better still get robots to work with customer data; reason is you cannot trust humans. If an individual with access has malicious intent there really is no way to stop them files with customer information can still be compressed and emailed.
Unsuitable or offensive? Report this comment
John Pooley, The Data Partnership | Thu, 19 Nov 2009 11:28 am
T-Mobile has been unfortunate on this occasion, but companies such as these have to put their trust within the technical people that work within their organisation who have access to such information. The people that have this responsibility should be vetted thoroughly and not have full access to this kind of information on their own. Those people guilty of selling this data obviously have no regard for people’s personal information and are oblivious to the impact this type of theft has on both the company and consumers in general; consequentially they should be punished for their actions.
The effect on the industry will be greater given the amount of publicity this story has attracted and further emphasis will be put onto those companies that hold such data to tighten up their security so that this doesn’t happen again. The general public will react in the worst possible way, conscious that there are far more personal bits of information held on them, such as financial information which they would not want to fall into the wrong hands or be shared outside of where the information should be held. Identity fraud has been a big topic in the past and this is another large blow to the industry which we could all do without.
Unsuitable or offensive? Report this comment
Ray Chapman | Thu, 19 Nov 2009 1:54 pm
I started work for T-Mobile last year and it soon becamse apparent to me that they had massive holes in their IT security - enough to drive a coach and horses through. They had no IT Security Manager in place or anybody seemingly in control. I offered to tell them how people could steal their confidentail data, but they completely ignored me. Guess you reap what you sow, eh?
Unsuitable or offensive? Report this comment
Cath | Mon, 23 Nov 2009 12:27 pm
The major failure in this (aside from the data being stolen) is the complete lack of any statement/reassurance on T-Mobile's consumer site - hardly going to reassure curent and potential customers when they go there after hearing the news.
Unsuitable or offensive? Report this comment