
11-December-2009, 22:09
Screamager
T-Mobile customer data theft ICO kept public in dark
http://news.bbc.co.uk/1/hi/uk/8364421.stm
T-Mobile staff sold personal data
17 November 2009
Staff at mobile phone company T-Mobile passed on millions of records from thousands of customers to third party brokers, the firm has confirmed.
Details emerged after the firm alerted the information commissioner, who said his office was preparing a prosecution.
Christopher Graham said brokers had sold the data to other phone firms, who then cold-called the customers as their contracts were due to expire.
A T-Mobile spokesman said the data had been sold "without our knowledge".
Mr Graham, who was appointed earlier this year as the watchdog responsible for safeguarding personal information, said the data breach was the biggest of its kind.
He added that the case illustrated why there needed to be a prison sentence to prevent people from selling private data to third parties.
Mr Graham confirmed his office was preparing a prosecution against those responsible for selling on T-Mobile data.
Justice Minister Michael Wills told the BBC that there was a "strong case" for introducing custodial sentences to prevent the trade in illegal data.
Search warrants
Initially Mr Graham had said he would not name the operator involved as it could prejudice a prosecution.
But after phone firms O2, Vodafone, Orange, 3 and Virgin said they were not the subject of his investigation, T-Mobile confirmed it had been.
Mr Graham said investigators had been working with the company after it reported suspicions of an unlawful trade in customers' data.
The team from the Information Commissioner's office obtained search warrants to enter premises and have also interviewed employees.
Mr Graham said: "Many people will have wondered why and how they are being contacted by someone they do not know just before their existing phone contract is about to expire.
"We are considering the evidence with a view to prosecuting those responsible and I am keen to go much further and close down the entire unlawful industry in personal data.
"But, we will only be able to do this if blaggers and others who trade in personal data face the threat of a prison sentence.
"The existing paltry fines… are simply not enough to deter people from engaging in this lucrative criminal activity. The threat of jail, not fines, will prove a stronger deterrent."
'Exploiting data'
The Ministry of Justice has been consulting on tougher penalties for illegal trade in personal information.
The Data Protection Act bans the selling on of data without prior permission from the customer and a fine of £5,000 can be imposed following a successful prosecution.
But Mr Graham said that the mobile phone case suggested that people were "driving a coach and horses" through the legislation.
He added: "This is not just about mobile phone companies. It's about private investigators, it's about blagging information from databases for use to put the frighteners on witnesses, attempt to knobble juries, pursue 'nasty neighbour' disputes, interfere in the family courts, difficult divorce settlements.
"Personal data has value and there are people out there exploiting it."
Justice Minister Michael Wills said the government was looking at bringing in tougher penalties to deter the illegal trade in personal information.
He added: "Given the scale of public concern about privacy of their data, I think we have to look at going further and custodial sentences clearly have to be a part of that."
But Conservative justice spokeswoman Eleanor Laing said: "The government's refusal to establish a strong privacy watchdog is nothing short of scandalous.
"We need a beefed-up information commissioner with a full set of punitive strings to his bow, including the power to fine organisations."
Lib Dem Home Affairs spokesman Chris Huhne said the "shameful incident" proved that stiffer penalties "cannot be introduced soon enough".
He added: "This sorry episode questions the government's wisdom in getting communications providers to hoard increasing amounts of information about us."
'Proactively supported'
A spokesman for T-Mobile said the sale of the data had been "deeply regrettable" and that it had been asked to keep it secret to avoid any criminal prosecutions being prejudiced.
He said: "T-Mobile takes the protection of customer information seriously.
"When it became apparent that contract renewal information was being passed on to third parties without our knowledge, we alerted the Information Commissioner's Office."
The spokesman added that the company and the ICO "working together" had identified the source of the breach and that T-Mobile had "proactively supported the ICO to help stamp out what is a problem for the whole industry".
He added: "We were therefore surprised at the way in which these statements were made to the BBC today."
ok
but
http://www.theregister.co.uk/2009/12/09/tmobile_ico/
T-Mobile data scam detected a year ago
Customers in the dark
9th December 2009
The Information Commissioner's Office (ICO) has been investigating the theft and sale of T-Mobile customers' personal data for almost a year, it has emerged.
News of the security breach, which saw rogue staff at the mobile operator divulge contract details to cold-calling marketeers, was only released to customers last month.
According to a Freedom of Information Act response, T-Mobile told regulators about the raids on its database on 16 December 2008.
The ICO today said its investigation is still ongoing. A spokeswoman said it had announced the breach only to highlight its lobbying campaign for new criminal offences to be created for those who abuse personal information.
The ICO did not last month name T-Mobile as the mobile operator at the centre of the contract data scam, but its rivals quickly denied they were involved.
News that both the firm and regulators have known about the breach is likely to annoy customers who received unexplained and unsolicited marketing calls.
The ICO has previously backed calls for laws to force companies to disclose major data breaches to their customers, but T-Mobile said it was ordered to keep quiet, and was surprised when the ICO issued a press release that made identification by elimination trivially easy for the media. ®
so the ICO and/or police ordered T-Mobile not to disclose the customer data theft to the public in Dec 2008 for fear it would prejudice any criminal prosecutions.
in November 2009 the press published the story after investigating an unguarded statement from the ICO
i smell a rat that's been dead for a year
Last edited by El Gringo; 11-December-2009 at 22:41.