Deutsche Telekom‘s German mobile phone subsidiary T-Mobile lost a disk containing personal information about 17 million of its customers in early 2006, the company said Saturday.
Silent about the data loss for more than two years, the company published its version of events on Saturday following a report in German news magazine Der Spiegel that the data were being offered for sale on the Internet. T-Mobile’s data breach appears to be confined to customers of its German subsidiary.
Data on the disk included customers’ name, date of birth, address and mobile phone number, and in some cases the customers’ e-mail addresses. No banking details were lost, the company said.
When the loss of the disk was discovered, the company reported the loss to the state prosecutor, and began monitoring Internet forums and sites where such stolen information is offered for sale, it said.
T-Mobile found no evidence in the months following the loss that the missing data was on the market, it said.
That changed on Saturday, however, with Der Spiegel’s revelation that the data is now for sale on the Internet.
The data for sale includes the home addresses and unlisted phone numbers of many German celebrities, business leaders, billionaires, religious representatives, government ministers and politicians, according to the report.
T-Mobile maintains that there is no evidence that the data has been used to harass or to steal the identity of any of its customers.
The company has improved its security procedures since the disk was lost, it said. Those procedures now include the use of stronger passwords and access controls, and the logging of accesses to customer databases.
However, no one at the company was immediately available to explain how the loss occurred.
Customers worried about the disclosure of their mobile phone number can have it changed for free, the company said.
Deutsche Telekom is also in hot water for paying a little too much attention to the personal details of some of its customers. Its internal security staff are accused of spying on the private phone use of members of its board of directors, whom the company suspected of leaking sensitive information to journalists. The company said in May that it had called for an independent investigation of the affair.