T-Mobile staff sold customer data

The personal data of thousands of mobile phone users has been sold by staff at one of the UK's major mobile phone firms.

The personal data of thousands of mobile phone users has been sold by staff at T-Mobile.

The Information Commissioner's Office (ICO) said investigators have been working with the mobile phone company. It had suggested to the ICO that employees allegedly sold details relating to customers' mobile phone contracts, including when their contracts expire. The ICO investigation revealed that the information has been sold on to several brokers for large sums.

Information commissioner Christopher Graham said, "We are considering the evidence with a view to prosecuting those responsible and I am keen to go much further and close down the entire unlawful industry in personal data.

"We will only be able to do this if blaggers and others who trade in personal data face the threat of a prison sentence. The existing paltry fines for Section 55 offences are simply not enough to deter people from engaging in this lucrative criminal activity. The threat of jail, not fines, will prove a stronger deterrent."

Mark Tickle, EMEA managing director at security supplier Webroot, said, "We support the information commissioner's decision to take this offence seriously, as Webroot has seen many cases where customers' data is being used illegally and organisations' reputations are being damaged.

"Although it's still unclear how the data was distributed in this case, recent analyst research has revealed that web e-mail or web postings account for 37% of information leaks, and that more than one in five outgoing e-mails has contained content that poses a legal, financial or regulatory risk. Organisations should ensure their incoming and outgoing emails are tracked properly to ensure confidential information stays within the organisation."

Read more on IT risk management