Breaking News - Mobile Customer's Data abused

[buzby]

BBC News is reporting an investigation into the selling on of consumer information regarding their contracts (and earliest renewal dates) that have been compiled and SOLD to third parties, along with the relevant contact details. It appears that it is employees of a mobile retailer (not network) who are selling the data to brokers - and there may be criminal charges brought...

 

Listen and watch out for it....

Edited November 17, 2009 by buzby

[sillygirl1]

My contract is up for renewal this week, so I am expecting a flood of calls to 'get me a better deal, insurance etc etc etc'. I've already got it all sorted and new phone (Palm Pre - I've got the Palm Treo which I love...) arrives on Thursday!

 

I expect some people will think they can 'better the deal' but it is unlikely as I am on a corporate contract...

[andydd]

My contract is up for renewal this week, so I am expecting a flood of calls to 'get me a better deal, insurance etc etc etc'. I've already got it all sorted and new phone (Palm Pre - I've got the Palm Treo which I love...) arrives on Thursday!

 

I expect some people will think they can 'better the deal' but it is unlikely as I am on a corporate contract...

 

This is how the company above were rumbled, people were getting calls when their contract was about to expire but then thinking 'hang on a minute, how did they know my contract was about to expire ?'.

 

I wonder if we can find out which company it was ?

[pompeyfaith]

Just seen this on Sky News and yes I have been phoned many times about a new contract but was not phoned on my mobile has always been the landline ?

 

PF

[maya222t]

Just wondering whether there was any opening for customers to take action against this staff member or even t mobile concerning selling customer's private data. Especially if customers signed the box not to give their information to 3rd parties.

 

This is serious stuff, feels like customers are chattels, vassals that have had their civil liabilities eroded.

 

Any ideas about any legal possibilities?

[Human Writes]

You'd only have legal grounds for an action under the DPA if you'd suffered quantifiable damages as a result of T-Mobiles breach.

 

As you've presumably no idea whether or not your data was involved in this breach I'd suggest you need further info from T-Mobile, even if they did confirm that your data had been disclosed without your consent, you still have to prove damages, so I'd suggest any legal options you may have would depend on you finding out further information.

[seagalinvestigations]

I felt so strongly about the comments made by Christopher Graham on T-Mobile and Data Protection issues I added a comment on the BBC site...

 

"I am a T Mobile customer and have on each of the occasions that my contract was due to expire, been approached (verbally) by another company using very cleverly worded pitches to make me believe they were associated with T Mobile and that I would be put onto a better business package. They also offered to pay any remainder of the contract costs in order to end early and start the new contract sooner.

 

What I found even more disturbing is that I am a Private Investigator and what Mr Christopher Graham failed to realise is that the thoughtless comments about private Investigators obtaining information through blagging and selling it on to others is wholly unjustified. There may indeed be a few individual cases but the man has clearly shunted the entire Investigative industry with such a careless comment. personally his words need to be chosen more carefully in future and an apology would not go amiss in this instance.

 

My fellow colleagues and I are all disturb by these comments. Individual cases such as the T Mobile should be "Individually" dealt with and refrain from using other industries as an example where there may only be a few isolated cases."

 

BBC NEWS | UK | T-Mobile staff sold personal data

[noddyaccount]

Well here we go , as reported on the news T mobile employees have been selling our data , so it seems according to the News and the ICO .

That explains all the annoying selling calls and I presume that all data can be sold on again and again ad infinitum , cant put the egg back in the shell now .

Can we sue T mobile for this obvious breach of The Data protection Act , and if so how ?

[Human Writes]

The answer is that you can seek compensation under the Data Protection Act, however, you have to be able to prove damages.

 

The questions then become:

 

1) Were your details disclosed? (Not everyone's were apparently.) Can you prove your details we disclosed by T-Mobile, or will they confirm the breach applied to you?

 

2) What damage has this disclosure caused? And I mean damage in the legal sense. If you've suffered damage and this has caused you distress you also can claim for this.

 

You can't usually claim solely for distress in DPA related litigation unless the data is being processed for special purposes and this wasn't the case here.

 

You could theoretically start litigation against T-Mobile for compensation, however, you'd have to prove the breach and the damages. In my view any damage in relation to this breach is likely to be minimal, the odd annoying phone call from a salesperson isn't likely to result in any substantive damage to you, however, I'm open to suggestions as to what sort of damage you think T-Mobile may have caused you as a result of a breach in relation to this matter.

 

Generally I think it would be time consuming and difficult to prove that you were subject to this breach, it'd also be tricky to prove damages in relation to the breach, so any legal action would probably be very speculative.

[noddyaccount]

The answer is that you can seek compensation under the Data Protection Act, however, you have to be able to prove damages.

 

The questions then become:

 

1) Were your details disclosed? (Not everyone's were apparently.) Can you prove your details we disclosed by T-Mobile, or will they confirm the breach applied to you?

 

2) What damage has this disclosure caused? And I mean damage in the legal sense. If you've suffered damage and this has caused you distress you also can claim for this.

 

You can't usually claim solely for distress in DPA related litigation unless the data is being processed for special purposes and this wasn't the case here.

 

You could theoretically start litigation against T-Mobile for compensation, however, you'd have to prove the breach and the damages. In my view any damage in relation to this breach is likely to be minimal, the odd annoying phone call from a salesperson isn't likely to result in any substantive damage to you, however, I'm open to suggestions as to what sort of damage you think T-Mobile may have caused you as a result of a breach in relation to this matter.

 

Generally I think it would be time consuming and difficult to prove that you were subject to this breach, it'd also be tricky to prove damages in relation to the breach, so any legal action would probably be very speculative.

 

Thank you for your reply , I was thinking along the lines of the Government child database fiasco . An approximate sum of £300 was suggested then , on the grounds that one had to continuously review one's security arrangements as the breach is ongoing , who knows where that info is or will end up . There is enough given to a mobile phone provider to enable identity theft and this ongoing threat more than the annoying phone calls is the real

distress . As to proof that my data was sold the third party phone calls before the expiration of the contract , the initial reason for the sale of details is suggestive that they were sold .

[buzby]

Actually, no it doesn't.

 

Unsolicited calls to phone users on ALL networks has been common, all state you are coming up to renewal and offering a 'good deal'. This [problem] has been running since 1996, and probably earlier, and doesn;t require any network to lose data.

 

The forum has had legions of complaints of recieving calls from 'their' network offering an upgrade that turns out to be a new contract. Many brokers keep up to date with the issued number allocations on each network, and know when the 12/18 months is almost up to prompt a call. So - ther's nothing really new - just T-Mobile (soon to be no more, anyway) not treating their customer data with the respect it deserves.

 

But dont confuse this with upgrade calls always meaning nicked data....

[buzby]

Er, can you keep these to the SAME thread that already exists please?

[Human Writes]

Thank you for your reply , I was thinking along the lines of the Government child database fiasco . An approximate sum of £300 was suggested then , on the grounds that one had to continuously review one's security arrangements as the breach is ongoing , who knows where that info is or will end up . There is enough given to a mobile phone provider to enable identity theft and this ongoing threat more than the annoying phone calls is the real

distress . As to proof that my data was sold the third party phone calls before the expiration of the contract , the initial reason for the sale of details is suggestive that they were sold .

 

Did the goverment actually pay £300 to anyone?

 

If you were able to get confirmation that your data had been affected by this breach then I'd have thought T-Mobile could mitigate any potential identity theft by applying a CIFAS flag to your credit file, this would cost them £12 or £13 quid and could prevent identity fraud for 12 months from the date of its application.

 

The other problem is T-Mobile haven't specified what data has been stolen from them, they've confirmed that millions of pieces of personal data may have been stolen from them by a former employee in relation to thousands of customers, but they have 15 million + customers, the maths would suggest not everyone's data has been disclosed.

 

If its just your mobile number, name and contract renewal date then the risk of identity theft would probably be low, if their employee has stolen your full name and address, plus mobile numbers and other data held by them the risk would be considerably higher.

[buzby]

They've not disclosed what numbers were used, but [problem] callers have usually used seculatve dialling to get hold of new customers - stolen data is just the icing on the cake!

[cerberusalert]

Three threads merged

[noddyaccount]

Did the goverment actually pay £300 to anyone?

 

If you were able to get confirmation that your data had been affected by this breach then I'd have thought T-Mobile could mitigate any potential identity theft by applying a CIFAS flag to your credit file, this would cost them £12 or £13 quid and could prevent identity fraud for 12 months from the date of its application.

 

The other problem is T-Mobile haven't specified what data has been stolen from them, they've confirmed that millions of pieces of personal data may have been stolen from them by a former employee in relation to thousands of customers, but they have 15 million + customers, the maths would suggest not everyone's data has been disclosed.

 

If its just your mobile number, name and contract renewal date then the risk of identity theft would probably be low, if their employee has stolen your full name and address, plus mobile numbers and other data held by them the risk would be considerably higher.

Surprise surprise T mobile have not specified what data has been stolen , if I recall any application includes name ,time at and address , telephone nos, date of birth, perhaps employment details , bank acct . What else does an identity thief need ?

With all due respect , I note from your previous threads that you are a para legal with a telecoms corp , i do hope that there is no conflict of interest here .

[noddyaccount]

Did the goverment actually pay £300 to anyone?

 

If you were able to get confirmation that your data had been affected by this breach then I'd have thought T-Mobile could mitigate any potential identity theft by applying a CIFAS flag to your credit file, this would cost them £12 or £13 quid and could prevent identity fraud for 12 months from the date of its application.

 

The other problem is T-Mobile haven't specified what data has been stolen from them, they've confirmed that millions of pieces of personal data may have been stolen from them by a former employee in relation to thousands of customers, but they have 15 million + customers, the maths would suggest not everyone's data has been disclosed.

 

If its just your mobile number, name and contract renewal date then the risk of identity theft would probably be low, if their employee has stolen your full name and address, plus mobile numbers and other data held by them the risk would be considerably higher.

 

No I am childless , but I did get £300 plus from a financial firm for a similar breach where an employee had sold on details in a similar fashion , I cannot say any more about that as the walls have ears .

A CIfas flag would only be good for 12 months , this information cannot be put back into Pandorras box and therefore will still be toxic in and after the expiration of any flag .

Also reading an interesting post by Busby where , it is stated that a Cifas flag does not differentiate between a Fraud to and fraud by , unless manually done , therby branding in the majority of automated applications etc , the credit file holder a potential fraudster . Nice first you get your details nicked and then in compensation you are royally messed up . Insult to Injury methinks .

Edited November 18, 2009 by noddyaccount
add-on

[noddyaccount]

I felt so strongly about the comments made by Christopher Graham on T-Mobile and Data Protection issues I added a comment on the BBC site...

 

"I am a T Mobile customer and have on each of the occasions that my contract was due to expire, been approached (verbally) by another company using very cleverly worded pitches to make me believe they were associated with T Mobile and that I would be put onto a better business package. They also offered to pay any remainder of the contract costs in order to end early and start the new contract sooner.

 

What I found even more disturbing is that I am a Private Investigator and what Mr Christopher Graham failed to realise is that the thoughtless comments about private Investigators obtaining information through blagging and selling it on to others is wholly unjustified. There may indeed be a few individual cases but the man has clearly shunted the entire Investigative industry with such a careless comment. personally his words need to be chosen more carefully in future and an apology would not go amiss in this instance.

 

My fellow colleagues and I are all disturb by these comments. Individual cases such as the T Mobile should be "Individually" dealt with and refrain from using other industries as an example where there may only be a few isolated cases."

 

BBC NEWS | UK | T-Mobile staff sold personal data

 

Can you find out who stole the data and how much they stole ? I also have a very long piece of string , can anyone please tell me how long it is ?

[Human Writes]

I note from your previous threads that you are a para legal with a telecoms corp , i do hope that there is no conflict of interest here .

 

No there is not a conflict of interest.

[sillygirl1]

Just had a call from 3g wanting to know if I needed a new contract with them, seeing as they can't better the deal I get with O2 I told them to get lost... somebody is passing this data around and the culprits should be shot.

 

My phone is registered with the relevant preference services but I still get these 'marketing' calls, one loan company had the cheek to tell me 'three years ago you applied for a loan and was unsuccessful, we can help you now...' I won't repeat on here what I said but it was rather short and terse!

[locutus]

Well, I've worked for t-mobile and o2 in the past, through outsourcing companies and I've had full Internet access along side their programs (which are both browser based) and I have to say I feel it would be easy to just copy loads of data from their systems to the Internet! (or add a Trojan to the Internet explorer on that system to send the data). Obviously I'm not the kind of person to do that, and although I'm good with computers, and I understand about networking and moving data I'd not be able to program a Trojan myself, I do feel that someone who has that mind-set and who has the ability to do that would have no problem getting a job for either company. I recall 1 guy working for about 2 weeks, then he got escorted off the premises by security. Turns out he had a criminal record for fraud and the criminal record check hadn't come in until he'd been working for them for a period of time!

 

The trouble is, these companies want cheep workforce. In lowering the cost of staff something has to give and in a place where 1000's of people are employed and have a fast turnover of staff, and an under-funded team of people doing the checks, things are going to fall through the cracks. This data is worth so much to fraudsters and identity thieves when you consider to get a mobile contract you have to have a good credit rating!

 

I think this story has gone quiet because there are still ongoing criminal investigations. I hope some of this points at T-Mobiles security being inadequate and all companies will have to tighten up on this sort of thing!

[buzby]

They ALL do 3G.

 

Do remember what happens to your data may have nothing to do with your network. Who did you get your first contract from? CW, P4U? ALL these retailers know this data is valuable, and make use of it for their own purposes.

 

Best yet is those 'Compare' websites. They may promise to simplify getting Insurance or whatever and you only disclose your details ONCE, the trouble is - your data file is then sent (like a waterfall) to the relevant firms identified as offering quotes. Those that refuse or won't offer cover will then pass on this same data to associated firms that might - and they get PAID for doing so.

 

All these incidents are not breaking TPS/MPS initiatives because they class this as a direct response, or for mobiles, an existing established relationship.

 

Nothing at all to do with data being hijacked - just a system set up to make money at your expense, whether you loke it or not. Even giving your details to Royal Mail for redirection (and PAYING for it) redirection is the last service they provide, there is a list of companies that all get your revised details, DHSS, TVLRO, CRA's and they all pay RM for it.

 

 

Pretty neat, huh?

[pda123]

Well, I've worked for t-mobile and o2 in the past, through outsourcing companies and I've had full Internet access along side their programs (which are both browser based) and I have to say I feel it would be easy to just copy loads of data from their systems to the Internet! (or add a Trojan to the Internet explorer on that system to send the data). Obviously I'm not the kind of person to do that, and although I'm good with computers, and I understand about networking and moving data I'd not be able to program a Trojan myself, I do feel that someone who has that mind-set and who has the ability to do that would have no problem getting a job for either company. I recall 1 guy working for about 2 weeks, then he got escorted off the premises by security. Turns out he had a criminal record for fraud and the criminal record check hadn't come in until he'd been working for them for a period of time!

 

The trouble is, these companies want cheep workforce. In lowering the cost of staff something has to give and in a place where 1000's of people are employed and have a fast turnover of staff, and an under-funded team of people doing the checks, things are going to fall through the cracks. This data is worth so much to fraudsters and identity thieves when you consider to get a mobile contract you have to have a good credit rating!

 

I think this story has gone quiet because there are still ongoing criminal investigations. I hope some of this points at T-Mobiles security being inadequate and all companies will have to tighten up on this sort of thing!

 

Yep, I'm the same, have worked for both T-mobile and o2. I agree, the full internet access with t-mobile it would be VERY easy to copy bank details.

 

Funnily enough though, people calling o2 payments line always seem to be annoyed when we state that we can't store card details for future. Personally, I would be very worried and angry if any random employee could view my card number, security numbers etc. hmm.

[LEONABLUE]

have just had a phone call from "Home Services Marketing" purporting to be "3". trying it on basically,offering the usual upgrades, they also had my full name,

"Home Services Marketing" i found their name on the website "whocallsme" it was a freephone number they had used. they got the rough end of my tongue !! (easy really,they rang at wrong time hehehe,hubby hadnt done the washing up !! )