DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK mobile phone data ‘was sold’ (Update 1)

Posted on November 17, 2009 by Dissent

Staff at one of the UK’s major mobile phone companies sold on millions of records from thousands of customers, the information watchdog says.

Christopher Graham told the BBC that brokers had bought the data and sold it on to other phone firms, who called the customers as contracts neared expiry.

The suspected trade emerged after the firm alerted the watchdog. Mr Graham is planning to prosecute those involved.

He said he had not named the company in order not to prejudice a future trial.

Read more on BBC.

UPDATE: The company has now been named. It is T-Mobile. See their statement here.

The Information Commissioner’s Office issued the following statement today:

The Information Commissioner, Christopher Graham, is highlighting new evidence which shows that a deterrent custodial sentence is required to stop the trade in unlawful personal information. Christopher Graham is responding to the government’s proposal to introduce a custodial sentence for breaches of Section 55 of the Data Protection Act from 1 April 2010.

Investigators at the Information Commissioner’s Office (ICO) have been working with a mobile telephone company after the firm suggested employees allegedly sold details relating to customers’ mobile phone contracts, including their contract expiry dates. It is alleged that the information was being sold on to the service provider’s competitors whose agents were using the material to cold call customers prior to contract expiry dates to offer them an alternative contract. The service provider has alleged that many thousands of customer account details have been unlawfully obtained.

The ICO has investigated and it appears that the information has been sold on to several brokers and that substantial amounts of money have changed hands. The ICO has obtained several search warrants and attended a number of premises, and is now preparing a prosecution file.

Christopher Graham said: “Many people will have wondered why and how they are being contacted by someone they do not know just before their existing phone contract is about to expire. We are considering the evidence with a view to prosecuting those responsible and I am keen to go much further and close down the entire unlawful industry in personal data. But, we will only be able to do this if blaggers and others who trade in personal data face the threat of a prison sentence.

The existing paltry fines for Section 55 offences are simply not enough to deter people from engaging in this lucrative criminal activity. The threat of jail, not fines, will prove a stronger deterrent.

Christopher Graham continued: “More and more personal information is being collected and held by government, public authorities and businesses. In the future, as new systems are developed and there is more and more interconnection of these systems, the risks of unlawful obtaining and disclosure become even greater. If public trust and confidence in the proper handling of personal information, whether by government or by others, is to be maintained effective sanctions are essential.

This will not only underline the serious nature of the offence but will ensure that those convicted carry a meaningful criminal record. A custodial sentence will also have the added benefit of making the section 55 offence a recordable one and open up the possibility of extradition in appropriate cases.”

In another case, blaggers used forged identity documents to gain unlawful access to 41 people’s credit files held by a credit reference agency. The ICO is continuing its investigation.

Under the law as it stands, there is a public interest defence for section 55 offences. The Information Commissioner notes that the defence available to journalists would be strengthened under the proposal for a custodial sentence.

Related posts:

  • UK: Welcome Financial Services Limited Fined £150,000 After Backup Tapes With Customer Contact Info Lost
  • UK: Employees who stole T-Mobile customer data made to pay £73,700 for violating Data Protection Act
Category: Breach IncidentsBusiness SectorNon-U.S.Of Note

Post navigation

← HIMSS Survey: Business Associates not up to speed on HITECH
Hazelden sued for breach of privacy →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.