What other data, and wose data?

As I'm a long-time customer of T-Mo, I am quite concerned about this. I have to wonder whether this was purely limited to end of contract details as the people involved were dishonest scumbags who couldn't care a jot for the privacy of their employer's customers. I'm sure more complete personal and credit information would have netted them much more dough than just my phone number and contract end date.

While I have no complaints at all of T-Mo's handling of this as they were following direction from the ICO, I hope that they are now planning on full disclosure to the people affected and notification to each customer as to whether their data was likely exposed or not.

Conspiracy theory alert.....

Wonder if it was Orange paying for the info to pass to dealers/reps to get a better deal on the merger?

Mines the flame retardant jacket with the official secrets folder in the pocket, and the bag with the stolen government laptop is mine as well.....

£2 a pop

I've seen B2B leads for expiring mobile phone contracts trade for £2 a pop, consumers usually less so. You can bet that it's not just T-Mobile having their data ripped off, they perhaps should deserve some credit for dealing with one of the mobile phone industry's dirtiest little secrets.

I'm on T-Mobile

I'm on T-Mobile and I while back I had a real problem with a company calling up and claiming to be T-Mobile, but it was obvious that they were not.

They said that my contract was up for renewal and so I could have a new phone (my contract was far from its renewal date).

I simply asked them to prove they were T-Mobile by telling me the model of my phone. They told me they didn't have that information. I said that they supplied the phone to me so they must know. They said that they don't keep a record of what phone I buy. "So", I said, "why do I see details about my phone when I log into the T-Mobile website?". Their answer: "Do you want a new phone or what?"

After about 10 calls in the same week from the same bunch I simply started yelling "F**k off!" and putting the phone down. They soon stopped.

Reporting?

1. Your sensationalist headline gives the impression that T-Mobile is itself responsible for the data being sold on, when the story states that the cause would appear to be a loose cannon within the company.

2. The same headline also implies that T-Mobile are somehow being flippant with regard to customer privacy, when in fact their willingness to investigate and co-operate indicates the opposite.

3. I disagree that this has become a cause celebre far beyond it's own importance. Ok, so the data isn't as intrusive as some other examples, but so what? Companies need to start taking this stuff seriously, and rightly so.

Poor reporting indeed.

Disclosure: I don't work for T-Mobile, am not a customer of theirs or have any links of any sort with the company.

Publicity Officers

The reason why cases like this get splashed everywhere is probably this: the press officers for such organisations are assessed/bonused on the amount of coverage, not its quality/meaningfulness.

"Employer catches employees misusing data and takes proper steps to stop it" doesn't drive column inches. Whereas the meaningless term "Data Theft" will garner attention, which can be cited when the press officer is negotiating this quarter's bonus.

Cynical? Moi?

Not that trivial!

"Customer details are in the phone book, and most people will tell you their contract renewal date if you call them up and ask (as cold callers are wont to do)."

Jeez, this might not be a hanging offence but Bill you really are going in the wrong direction with this one. The Register normally takes a decent enough stance on data theft and the need for a greater powers for the ICO.

Which phone book contains customer details? Do you mean the BT one that is now approaching the size of a magazine (if you take out the business listings) as there are hardly any customers who wish to be included in it as they don't want random marketing calls?

How on earth do you feel justified in writing the comment that people will give up their contract renewal date if asked by a cold caller? Where are your sources to back that up? The only empirical evidence I presume you have is that you, yourself, are willing to divulge that information when asked?

The cold callers in this case can use this information to deceive people into thinking they are calling from T-mobile. For example "Hello Mr Johnston, as you are a valuable customer I wish to offer you a great deal on the renewal of your contract next month..."

This goes beyond the irritation of just receiving unsolicited calls.

The other point is that the money that the staff were suposed to be making from these sales is far greater than the maximum fine of £5000 and so there is no disincentive to doing this.

It will still be up to a court to decide the penalty but I can see some cases where a jail term would be warranted and certainly maximum fines that would allow recovery of all money made and more.

Are you really happy that any of your information could be available for sale to anyone else with little repercussions? Credit applications, bank details, shop purchases, travel plans...Really?

Not just T-mobile insiders selling to other providers.

I have under two months left on my T-mobile contract and T-mobile have a very clear "do not sell my details or pass them on without my permission" notification from me. Last week, I had 5 companies call me, all starting with a variation of "Hi, this is T-mobile, your contract is due for renewal", when pressed, they admit they're resellers who've bought my data from T-mobile.

T-mobile deny selling my data when I challenge them, even though the reseller says they got it from T-mobile and there's not too many other ways they could get my name, phone number, address, renewal date, phone type, etc.

@AC - 11:32 - being a bit disingenuous...

"...the ICO didn't splash the story. They said it was a UK mobile phone operator and T-mobile decided to fess up. They could have kept schtum."

Oh, come on. You phone Orange, O2, Virgin, T-Mobile, Vodafone and one or two others, and say "Are you working with the ICO on a data theft case?" All bar T-Mobile say "No"; T-mobile refuse to comment. It doesn't take Sherlock Holmes to make the obvious deduction - and then they have to come clean.

So technically, no, the ICO didn't splash the story. But they must have known the information would get out.

We're gonna need a bigger jail...

Not sure if I support sending anonymous T-Mobile goons to clink for doing what (judging by the comments above) everybody seems to be doing in the industry. Fines, both at the individual and corporate level, seem reasonable though.

Like others above, I find the tone of this piece a bit off-message for the Reg, where consumer-data privacy breaches of similar or even smaller scale usually get pretty short shrift and the ICO is usually bemoaned for its lack of balls (well okay, lack of empowerment really).

I don't like this behaviour one bit personally, and if I found myself subjected to it I'd be doing all I could to get someone punished/fired/fined for it. Am I petty, or is it just OK because everyone's doing it?

this isnt new

When i was with them years ago, i had calls "on behalf of tmobile" to offer me some dodgy contract.

i found it great fun to get them to explain every single part of the contract, the phone, the price plan, the payments etc etc for a good 25 minutes (usually while doing something equally inane like playing WoW) then saying "actually...nah sounds shit, bye" then hanging up.

they gave up after the 3rd time i wasted their operaters time. bellends

Always happens

I heard this story last night on the radio and assumed it was O2. Have nearly always received a sudden influx in cold calls from non-O2 people, trying to get me to upgrade. However - it could well be that O2 outsource their (what I imagine is called) "proactive retention team" to A.N. Other company. I've never stuck with the call for long enough before yelling F.O.

A calm response I've started taking though, is declining to talk to any company other than X about my account with X and gently hanging up. I also like the new idea suggested by a commentard recently of "I'm sorry, I don't have a phone" and hanging up. My other favourite is "give me a minute while i find a pen for the details" and place them on hold until they give up and have an unnecessary phone bill.

So thats where they come from...

I started a new contract with T-Mobile about 2 months ago. Previously I'd been on O2, and in 5-6 years I'd never had a single cold call. Within a week of moving, I was getting cold calls from one particular number offering me an 'upgrade'.

At least now I know how they got my details.

I'm a long time T-Mobile customer...

And this is a cold call I received not so long ago...

"Hello there Mr AC. This is T-Mobile and we've noticed that your contract is up for renewal soon. Would you be insterested in blah blah...?"

"Er... I don't think so love, I'm on Pay As You Go. Nice try though!"

*CLICK*

Goose/Gander

It's the usual "Let's fear-monger this totally out of proportion so that we can get our ulterior motive policies through easier" processes at work.

Dealing in stolen property

I thought dealing in stolen property was a criminal offence already.

I thought it already had prison as a possible sentence.

When can we expect someone to be locked up for dealing in stolen cellphone account records?

As has widely been pointed out, fines don't work in cases like this or in corporate cases of any kind. In a corporate case, the fine just gets passed on to the customers and the managers/directors effectively go unpunished. If the laws were enforced in such a way that there might actually be an effective punishment, people in authority might behave slightly differently.

Where do the MVNOs fit in this picture? Are their records at risk too if they're piggybacking on T-Mobile? (e.g. Asda????).

@Dunstan Vavasour

Not likely, they are still basically civil servants, so it'll be when a red hot ugly fella starts skating to work that you can use 'bonus' in the same sentence.

Had this been in an Indian Datacentre

.. we'd seen much more hue and cry.. many more comments.

It sounds like T Mobile have acted correctly and ICO have not

I understand from your report that the reason that TMo were told not not disclose the data theft was to avoid damaging the legal case against said theft.

I take it that the ICO can prove that they took legal advice that guaranteed that the case would not be weaken before making their broadcast. If the ICO cannot show evidence to support their breach of confidence then there should be an official investigation of the ICO.

My reading of your report is that TMo acted correctly and the ICO have tarnished TMo's image for the ICO's benefit a clear case of abuse of trust.

Bite back

Funnily enough, O2 called me shortly before my contract with 3 was due to expire. I listened to the deal they were offering, thought it sounded pretty good, so called 3 and told them "look, my contract's almost up, O2 are offering this, what can you do for me?". Unsurprisingly they made me an offer I really didn't refuse! ;-)

So cheers the bastard who sold on my details to O2, and up yours to O2!

Re: Had this been in an Indian Datacentre

Quite so. But because some dirty Britards peddle other people's personal info, it's probably celebrated in Thatcherite entrepreneurial circles as "making a bit of extra dosh on the side as a perk of the job" (with idiotic 1980s slang necessary to illustrate the mindset), despite the obvious illegality of it all. Unless the Thatcherite in question owns the company from which customer data is being pilfered, of course - then it's "unleash the hounds" given that "not sitting up straight" is a disciplinary matter in such enterprises.

But yes: the average Daily Fail-reading Britard can't work up much indignation over such all-British affairs, unfortunately.

So...

What the F**k do you expect?

An increasing number of staff are on temp contracts with no employment rights, targets are constantly being increased, staff are being told to accept it or go find a job elsewhere... then someone comes along and offers a wad of cash in exchange for customer details...

So, How safe is YOUR data?

I knew it!

Up until I took out a contract with T-mobile a couple of years ago, my main email address didn't seem to have made it onto any spammer lists and I didn't really get much in the way of cold calls or junk texts. Since taking out that contract, I've seen spam directed to my main email address, had various cold calls from various companies (in spite of TPS registration) and do receive the occasional junk text from various places.

I just knew they had sold on my details, but didn't have any proof. One of the cold-calling mobile phone brokers even claimed that they had got my number from T-mobile when I quizzed them about it. I wasn't sure I believed them at the time, but it seems like they were telling the truth.

Scum-sucking, bottom-feeding, sputum-drooling, malodorous little oiks, so they are.

Paranoia

So convictions for data theft end up with a custodial sentence, then how long until file sharing becomes 'data theft'?!

Help! Police!

No-one has mentioned the SFO so far - are we leaving it all to the ICO to sort out? That makes me feel a lot better.

That expalins...

...why I kept getting calls, despite being on TPS.

I hope they do get the jail.

Hang the messanger

In this case ICO heads should roll. They forced T-Mobile to admit this had heppened when T-Mobile where not ready to do so. As a result customers have been put at risk and the people who bought the data will no doubt be hiding their tracks as we speek.

So which MP is to blame for this. After all we are talking civil servants here so they would not do this without the authoraty from someone.

At least they're doing something

Like others posting here (and elsewhere), T-mobile are hardly alone in this, although it sounds like at least they're willing to disapprove of it.

I was with Orange for years, and they had precious little interest whenever I reported that some third party had phoned me offering me an upgrade, pretending to be them (not that I had much luck getting Orange support to do anything else, either - I was with them for as long as they had the best tariffs, never for their support, although I have a little more sympathy since the IE6 story broke). I wonder if T-mobile will change their behaviour after the merger. I hope not - I'm with them now.

In the end, whenever anyone phoned me up offering an upgrade, I got them to admit who they were and then pointed out they were calling a TPS line. I don't think I bothered reporting them to anyone further afield than Orange, though.

It could be worse. I had a repair man from Sky charge on the basis that I'd got conflicting stories from Sky and a third party about whether I was still in warranty, and Sky's customer service accused me of publicising my contract (with the Sky dish at the *back* of the house, where it's only visible from a few back windows) rather than showing any interest in the possibility that someone might be selling customer details.

Frankly, anyone in the UK I can deal with. I'm a lot less sure how you report an Indian call centre for UK cold call regulation violations.