T-Mobile is again giving its customers — and prospective customers — reason to be nervous.
Most U.S. Sidekick device users suffered severe data losses in October, when they permanently lost photos, contacts, and calendar entries. T-Mobile then suspended the sales of Sidekick devices, which has only been resumed this week. Earlier this month, T-Mobile U.S. customers also experienced widespread service disruption for both voice calls and text messages.
This time, staff at the U.K. operations of wireless carrier T-Mobile have sold personal data of thousands of customers. Millions of records from customers were brokered to third parties, who then approached customers whose contracts were soon to expire.
T-Mobile, the country’s fourth largest mobile phone company, said that its customers’ data was sold without the company’s knowledge, a T-Mobile spokesperson told the BBC. The breach is the biggest of its kind so far, according to Christopher Graham, U.K.’s Information Commissioner, whose office is preparing to prosecute the T-Mobile staff responsible for selling the personal data.
With a U.K. workforce of around 6500, T-Mobile has more than 16 million U.K. customers (a 15 percent market share) and announced recently its plan to merge with Orange, the country’s third largest wireless carrier — creating a market leader above O2 and Vodafone with more than 28 million customers (and responsibility for even more records).
Suspicions of the customers’ data breach were raised when customers whose contracts were due to expire soon were contacted regarding switching to a different carrier. T-Mobile said that it has identified the source of the breach, which then alerted the U.K.’s Information Commissioner. The yet-unnamed offenders could face fines up to$9000 each, but no jail time.