Feeds

Staff at UK mobile co sold customer records

Info Commissioner recommends jail for miscreants

Intelligent flash storage arrays

Updated Staff at an unnamed mobile operator have been selling customer details to the competition, and the Information Commissioner reckons that it will take a spell in chokey to stop the leaks.

According to the BBC, a T-Mobile spokesman has confirmed that T-Mobile is the company in question. The spokesman tells the BBC that the company alerted the Information Commission, saying that the data was sold "without our knowledge."

Customers numbering "many thousands" have had their details - including contract-renewal dates - lifted by staff working at the operator in question and sold to agents, who then cold-call the customers to offer alternative contracts. But the Information Commissioner complains that fining the ne'er-do-wells isn't enough, and suggests that locking them away is the only language they'll understand.

The details come as part of the Commissioner's ongoing campaign in favour of government proposals to introduce a prison term for those in breach of the Data Protection Act. This demonstrates that it's not just banks and doctors who have commercially-valuable information that can be stolen by individuals employed by the company.

In this case, it was enough information for a broker to call up just before a contract expires and offer an alternative, for which the brokers have apparently paid "substantial amounts of money". So much money, according to the Commissioner, that the threat of a fine is simply ineffective:

"The existing paltry fines... are simply not enough to deter people from engaging in this lucrative criminal activity. The threat of jail, not fines, will prove a stronger deterrent."

Given the number of cold calls received by every mobile phone user in the UK it would be tempting to think the information wasn't that valuable - but we don't know exactly what other information could have been exposed. Plus there is also an obvious principle at stake.

Strengthening Section 55 of the Data Protection Act could make it riskier for journalists to find information, though apparently we'll get a "public interest" defence to go with the new custodial sentences. ®

Updated: This story has been updated to include mention of the BBC's story on the matter.

Beginner's guide to SSL certificates

More from The Register

next story
Mighty Blighty broadbanders beg: Let us lay cable in BT's, er, ducts
Complain to Ofcom that telco has 'effective monopoly'
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
Ofcom tackles complaint over Premier League footie TV rights
Virgin Media: UK fans pay the most for the fewest matches
FCC: Gonna need y'all to cough up $1.5bn to put broadband in schools
Kids need more fiber, says Wheeler, and you'll pay for it
NBN Co screws lid on FTTP coffin
Copper and HFC dominate in new corporate plan
prev story

Whitepapers

Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.