As an update to the story here:
A spokesperson for the U.S. Attorney’s Office informs me that the 5 men who were indicted today were not employees of T-Mobile. They allegedly accessed and acquired the customer data via an authorization code that they obtained from the owner of a T-Mobile store. The owner of that store has not been identified or charged in the case.
The indictment is available here. Keeping in mind that an indictment is not a conviction and that everyone’s presumed innocent until proven guilty, the indictment suggests that sometime beginning in October 2005 and continuing into February 2006, the five indictees may have been accessing T-Mobile customer data including their SSN and credit ratings. They allegedly then used PrivateEye.com to obtain addition personal information about the customers they intended to victimize such as addresses and dates of birth and other personal information.
I’ve requested some additional information from T-Mobile and may have further updates to this story.