Employees of T-Mobile have been accused of selling millions of customer records, and could be prosecuted by privacy watchdog the Information Commissioner's Office.
The data alleged to have been sold included customers' names, mobile numbers, contract details and the expiry dates of those contracts, an ICO spokesperson told ZDNet UK on Wednesday.
The ICO said the records had been sold through brokers to rival mobile firms, so those firms could cold-call T-Mobile customers when their contracts were due to expire, in order to offer them alternative contracts. The records were sold for substantial amounts of money, according to an ICO press statement on Tuesday.
The news that a mobile operator had been involved in a serious data breach was revealed on Tuesday in a submission by the ICO to a Ministry of Justice consultation. The consultation is asking whether custodial sentences for reckless data breaches would be appropriate.
An accompanying ICO press statement did not specify which mobile operator had been involved. However, it emerged through reports on Tuesday that T-Mobile had kicked off the ICO investigation when it approached the watchdog with concerns about its employees.
T-Mobile said in a statement on Wednesday that other parts of the mobile-phone industry had been involved in the misappropriation of customer data.
"While it is deeply regrettable that customer information has been misappropriated in this way, we have proactively supported the ICO to help stamp out what is a problem for the whole industry," said T-Mobile.
An ICO spokesperson on Wednesday declined to say which phone companies had allegedly bought the T-Mobile customer data, and declined to say if or when the case would go to court.
"It's too early in the investigation to say," said the spokesperson. The ICO is currently preparing a prosecution file.
The maximum fine available to the ICO for reckless data breaches is £5,000. The Ministry of Justice is currently consulting on whether the maximum fine should be raised to £500,000.
Talkback
Both should be applied to all involved irregardless of when and where each of them where involved both those selling and those buying, the fines applied should be MASSIVE, BIBLICAL, and so should the jail times.
If you need reason enough to justify the punishments then simply put it down to the equivalence of them having Burgled as many customer homes, as well as selling and others knowingly buying stolen goods, but on a massive scale.
Punishment needs to be proportionate to the crime, and its a MASSIVE crime.
I'm on T-mobile explains some of the calls I had 12 mths ago...
If I get em next March I will complain!
I'm with them myself I haven't had as many cold calls though, but I have being inundated with third party text message promotions.
Would that be like Nokia pushing ovi store to an android user?
Just a mish mash of all types really, I just delete them and tend not to take to much notice, but you do start to wonder where there getting your details from.