One of Britain's biggest mobile network providers, T-Mobile, confirmed tonight that it was the company caught up in an investigation into a major scam involving the sale of customers' personal details and phone numbers.
But industry sources disputed an assertion by the Information Commissioner, Christopher Graham, that "millions" of mobile phone records had been misappropriated and suggested that the real figure was in the low hundreds of thousands.
Mr Graham blew the whistle on the scam in a formal submission to the Ministry of Justice backing a proposal that data protection breaches should carry possible jail terms.
He said that the Information Commissioner's Office (ICO) had been contacted by a mobile telephone provider with evidence that employees were selling customer data, including mobile numbers and clients' contract expiry dates.
"An ICO investigation indicated that the information had been sold on to several brokers. Subsequently several search warrants were obtained and executed.
"A prosecution case is now being prepared and until the case comes to court no more details can be released. However the number of records involved runs into the millions and it appears that substantial amounts of money changed hands."
T-Mobile, which is Britain's fourth biggest mobile company with 16.6 million customers, tonight issued a statement confirming that it was the company involved although it expressed its "surprise" that the investigation had been made public before an eventual prosecution.
The company, a subsidiary of Deutsche Telekom, also suggested that the problem was a wider one within the UK mobile sector.
"While it is deeply regrettable that customer information has been misappropriated in this way, we have proactively supported the ICO to help stamp out what is a problem for the whole industry," it said.
The UK is one of the most competitive markets in the world with five network operators and a host of virtual operators, such as Virgin Mobile and Tesco Mobile which use capacity from the network owners to offer cheap or targeted services, aggressively competing for new customers.
Yet while the operators have worked hard to reduce churn – the rate at which customers defect to rivals – there are still thousands of independent third-party resellers that regularly cold call customers in order to tempt them into switching to a better deal.
It is these third-party sellers that are happy to pay employees of the networks to get customer details, and in particular, find out when a subscriber's contract is nearing its end.
The facts of the case being investigated by the ICO are far from clear. Industry sources suggested that a single T-Mobile employee was involved who had left the company and now faced prosecution, but an ICO spokeswoman said that the organisation stood by the wording of its submission that millions of mobile records were involved in the scam.
Neil McHugh, managing director of mobile phone comparison site Rightmobile, said T-Mobile clearly had major questions to answer. He said: "Now it has been found that rogue staff members at T-Mobile were behind the leak, I’m sure the network operator will have a large media storm to ride. Customers absolutely have the right to ask them whether or not their personal data is safe."
Mr Graham is supporting government proposals for people who steal and sell on personal data to be given prison sentences under Section 55 of the Data Protection Act. At the moment, the maximum punishment is a fine.
"But we will only be able to do this if blaggers and others who trade in personal data face the threat of a prison sentence. The existing paltry fines for Section 55 offences are simply not enough to deter people from engaging in this lucrative criminal activity. The threat of jail, not fines, will prove a stronger deterrent."
The Information Commissioner said that more and more personal information was being collected and held by government, public authorities and businesses.
He added: "In the future, as new systems are developed and there is more and more interconnection of these systems, the risks of unlawful obtaining and disclosure become even greater.
"If public trust and confidence in the proper handling of personal information, whether by government or by others, is to be maintained effective sanctions are essential. This will not only underline the serious nature of the offence but will ensure that those convicted carry a meaningful criminal record.
"A custodial sentence will also have the added benefit of making the Section 55 offence a recordable one and open up the possibility of extradition in appropriate cases."
In its submission to the Ministry of Justice, the ICO details a number of Section 55 offences which it says support the need for jail terms.
They include the case of a private investigator enlisted to mine personal information on a rape victim as part of what was thought to be an act of revenge by her attacker. The private investigator phoned the woman's family, her GP and her utility company.
But when officers executed a search warrant at the officers of the company to which the calls were traced they were greeted by a man with a previous data protection offence who said: "What's the maximum fine for this, £5,000? I will write the cheque out now."
Other examples given by the ICO included the leaking of the BNP leadership list, for which one former member of the party was fined £200, and numerous cases involving police officers and employees who abuse personal information held on police systems, notably the Police National Computer.
In another case recently referred to the ICO, "blaggers" used forged identity documents to gain unlawful access to 41 people’s credit files held by a credit reference agency. The ICO is continuing its investigation.
Elaine Laing, Shadow Minister for Justice, said that an industry wide voluntary “kitemark of best practice” is needed to improve customer confidence when handing over information to companies. “We need a beefed up Information Commissioner with a full set of punitive strings to his bow including the power to fine organisations. The government’s refusal to establish a strong privacy watchdog is nothing short of scandalous,” she said.
No comments:
Post a Comment