T-Mobile at centre of illegal data sale investigation

Employees at T-Mobile’s UK operation have been identified as the culprits in the illegal sale of subscriber data affecting “many thousands of customers”.

UK privacy watchdog the Information Commissioner’s Office (ICO) launched a criminal investigation after a mobile telephone company – since revealed to be Deutsche Telekom owned T-Mobile – discovered that some its employees allegedly sold details relating to customers’ mobile phone contracts, including their expiry dates.

The information was allegedly sold on to T-Mobile’s competitors – which might be rival operators Vodafone, O2, Orange, or 3, or any number of third party brokers which were using the material to cold call customers prior to contract expiry dates to offer them an alternative contract – but at the moment the ICO is not saying how far its investigation will extend.

“The ICO has investigated and it appears that the information has been sold on to several brokers and that substantial amounts of money have changed hands. The ICO has obtained several search warrants and attended a number of premises, and is now preparing a prosecution file.”

According to our legal sources, this sort of thing is a legal grey area. If a company is buying this sort of data then it’s obliged to check that that the data was sourced legitimately.  But if the data passed through quite a few hands, like it may have in this case, an operator’s data controller could have asked the broker they bought the data from if it was legitimately sourced by way of covering itself.

But Information Commissioner Christopher Graham is using the incident as a platform to highlight the “existing paltry fines” for such offences and call for a greater deterrent in the form of a “custodial sentence” to better stop the unlawful trade in personal information.

Graham is backing the government’s proposal to introduce a custodial sentence for so called breaches of Section 55 of the Data Protection Act from April 1, 2010.

“We are considering the evidence with a view to prosecuting those responsible and I am keen to go much further and close down the entire unlawful industry in personal data. But, we will only be able to do this if blaggers and others who trade in personal data face the threat of a prison sentence,” Graham said.

“More and more personal information is being collected and held by government, public authorities and businesses. In the future, as new systems are developed and there is more and more interconnection of these systems, the risks of unlawful obtaining and disclosure become even greater. If public trust and confidence in the proper handling of personal information, whether by government or by others, is to be maintained effective sanctions are essential.

“A custodial sentence will also have the added benefit of making the section 55 offence a recordable one and open up the possibility of extradition in appropriate cases,” he said.

[icit_ranker object_id=33 ]


  1. Avatar Simon 18/11/2009 @ 2:32 pm

    I’m looking at the positive/negative score as I read the article. How on earth can the perception of T-Mobile be 48% positive? Methinks somebody is manipulating the feedback.

    • Avatar James Middleton 18/11/2009 @ 3:44 pm

      Hi Simon,

      This is an aggregate score from across all articles featuring T-Mobile since we introduced the Index. So regardless of the nature of the article you are viewing, the score will still represent the general perception of the company.

      As you can see, T-Mobile’s Perception score is heading south due to this news.

      • Avatar Simon 19/11/2009 @ 1:19 pm

        James – Ah, I get you. D’oh! Obvious now that you say it. And since, T-Mobile’s (general) score has fallen heavily!

  2. Avatar Tony 18/11/2009 @ 4:28 pm

    @ James –

    Interesting that O2 are not listed in the Operators – they’re not BT anymore.
    Curious to see Orange in negative territory – but I guess the score reflects public opinion

    • Avatar James Middleton 18/11/2009 @ 4:54 pm

      Hi Tony, the O2 absence has been noted and fixed. Given that we only recently launched the Index and the list of ops is so long, this bit is a work in progress.

      As for Orange – I suspect it’s the consumer vote in the wake of the revelation about the iPhone data limit. But by that token I’m surprised that the news about Orange and Twitter didn’t swing it back…

  3. Avatar Eddy 19/11/2009 @ 10:06 am

    Hmmm? All operators are doing this anyway so there’s nothing new. Pity that T-Mobile were not tactful. The banks, mortgage originators, insurnace companies and even car hire firms are in on the game.

  4. My company has been approached by networks in the past about this problem – it’s a major concern in the industry.

    There are a range of tactics used to get customer data about the networks people use, their specific accounts and even if they have insurance for their phone. Companies then use this information to contact a customer, offer them a better deal and steal their business – it’s commercial espionage and theft of data on a massive scale. It also undermines networks providing good services to their customers.

    The risk is often the ‘trusted insider’ who goes bad – and technical security procedures and policies alone won’t prevent it. Networks need to diagnose the problem up-stream, getting to grips with their customer data and monitoring how it (and hence the customer base) behaves as a whole over time. It’s important to understand the big picture in terms of your customers’ behaviour – the problem with mobile phone networks is that they have hundreds of thousands of customers. Can you imagine a smaller business failing to know its clients, unconcerned about whether they retain them and not watching for signs of competitors stealing them away?

    By continuously auditing, monitoring, assessing and diagnosing their client base it’s possible to see problems as – or even before – they occur. If the technology notices that a particular pattern of standard behaviour starts to become erratic or considerably changes, something might be afoot. We specialise in this kind of monitoring, letting networks know the state of health of their client base and helping to control the conditions that retain customers and protect them from fraudsters.

    Another tactic used by unscrupulous companies is to use ‘Autodialler’ machines, which randomly dial phone numbers using smart calculators. They already know the type of number generally owned by each network, then callers use social engineering techniques to find out more about the customer’s account and offer what appears to be a better deal and also win the insurance business for the phone. Together this can be very lucrative.

    The difference between an Autodialler and a data thief is that the Autodialler doesn’t need to enter the company database. Some may say this is fair game but that couldn’t be further from the truth – left unchecked this situation can develop into a continuous ‘churning’ of customers, driving prices even lower so service suffers, customers suffer and the businesses involved become difficult to control and manage. It undermines the economic basis for developing good standards by service providers; if the problem grows then the temptation for everyone to do it is overwhelming. We should remember that these businesses employ people, provide taxes for the economy and develop new technologies we can sell internationally. It is not in anyone’s long term interests to engage in this. In the short term the ‘sharks’ using Autodiallers make vast amounts of money but inevitably someone will try it on their service provider as well. And, so the story goes on….

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.


There are no upcoming events.


Do you agree public funding should be used to support mobile operators to more broadly deploy Open RAN?

Loading ... Loading ...