Scam: It is claimed that thousands of phone records were sold so rivals could contact owners before their T-Mobile contracts expired to offer them a new mobile phone dealThe privacy of millions of mobile phone customers is under threat from a growing black market trade in their contract details, it was revealed yesterday.
Tens of thousands of customers with T-Mobile had their contract details stolen and sold to a rival.
However, it is feared the theft - the biggest of its kind to hit the UK - is just the tip of the iceberg.
T-mobile, which has more than 16million customers, claimed theft of customers' data 'is a problem for the whole industry'.
It is one of several underhand tactics used by mobile phone salesmen keen to find ways to identify new customers.
The security lapse at T-Mobile, which is the country's fourth largest network, has opened a can of worms for the entire industry.
The Information Commissioner, who polices data protection, yesterday launched an inquiry into the matter. It is thought staff members provided the names, numbers and contract expiry dates of thousands of customers to mobile phone salesmen.
These customers then received cold calls from salesmen when
their contract was about to end offering them deals to switch to a new supplier. These sales staff, working for independent companies, then picked up substantial bonus commissions from the rival networks.
Yesterday, Orange, Vodafone, O2, 3 and Virgin Mobile all denied any involvement in the theft.
Details of the investigation were revealed by the Information Commissioner, Christopher Graham, who is calling on the Government to introduce tougher sanctions, including prison terms, for data theft.
Mr Graham wants crimes of this kind, known as a Section 55 offence under the Data Protection Act, to carry a jail term of up to two years and significant fines.
The call to toughen the current maximum fine of ?5,000 per offence is backed by consumer groups and the Conservatives.
The Information Commissioner's Office (ICO) said: 'The number of records involved runs into the millions and it appears that substantial amounts of money changed hands.
'It is alleged that the information was being sold on to the service provider's competitors, whose agents were using the material to cold call customers prior to contract expiry dates to offer them an alternative contract.
'The service provider has alleged that many thousands of customer account details have been unlawfully obtained.'
It added: 'The ICO has investigated and it appears that ... substantial amounts of money have changed hands.' There is a burgeoning black
market in personal data. Private investigators and criminal gangs have been able to access bank details, and the medical and mobile phone records of thousands. This can be used to steal identities and raid bank accounts.
Mr Graham said: 'We are considering the evidence with a view to prosecuting those responsible and I am keen to go much further and close down the entire unlawful industry in personal data.
'But, we will only be able to do this if blaggers (data thieves) and others who trade in personal data face the threat of a prison sentence.
'The existing paltry fines for Section 55 offences are simply not enough to deter people from engaging in this lucrative criminal activity.'
Mr Graham said the threat to personal security and privacy is growing.
'More and more personal information is being collected and held by government, public authorities and businesses,' he said.
'In the future, as new systems are developed and there is more and more interconnection of these systems, the risks of unlawful obtaining and disclosure become even greater.'
The Conservative justice spokesman, Eleanor Laing, said the Commissioner should be given greater powers.
'We need a beefed up Information Commissioner with a full set of punitive strings to his bow, including the power to fine organisations. The Government's refusal to establish a strong privacy watchdog is nothing short of scandalous,' she said.
T-mobile yesterday said it had discovered 'the source of the breach'.
It said: 'When it became apparent that contract renewal information was being passed on by an employee to third parties without our knowledge, we alerted the Information Commissioner's Office.
'Working together, we identified the source of the breach which led to the ICO conducting an extensive investigation, which we believe will lead to a prosecution.'
Comment