In a striking revelation that could stoke suspicions about the way customers’ data is being handled by companies in UK, it has been emerged that the Information Commissioner’s Office (ICO) has been probing the picking and illicit selling of T-Mobile users’ information for around a year or so.
The report of the security infringement, which involved the company’s employees stealing customer details to sell them to marketers, was made public last month only.
In its response to Freedom of Information Act, T-Mobile informed that “the date upon which the ICO was made aware by T-Mobile of the issue was 16 December 2008”.
The security breach, considered as ‘the biggest of its kind’, has already drawn flaks from its sizeable user base, but the disclosure that the company knew about the act of infringement for around a year would only make the situation worse for the operator.
A spokeswoman for ICO asserted that it had informed about the data infringement only to bring into light its lobbying drive for new proposed criminal offences to be designed for the offenders who infringe personal data.
Earlier, the ICO has supported the calls for enforcing laws that would bind the companies to inform their users about major data breaches, but T-Mobile was instructed to put covers on it, and was apparently shocked when the ICO published a press release disclosing the news.
It is simply incredible that the ICO waited for so long before publicly pointing fingers at T-Mobile staff. The Deutsche-Telekom owned mobile phone network isn't likely to suffer from bad PR because of the limited number of cases but it could well be the tip of the iceberg.