The story dominating the British news this evening is the revelation that staff at one of the leading mobile phone company’s sold the personal details of thousands of customers for “substantial sums”.
Information Commissioner Christopher Graham refused to name the company concerned as it could prejudice a future prosecution, but told the media that the names, addresses, telephone numbers and information about customers’ contracts was stolen and sold on to other competitors.
You can imagine just how attractive it would be for one mobile phone company to know when another phone operator’s customers were approaching contract renewal.
Newshounds, ever keen to find out who might have been at the heart of the incident, approached Orange, Vodafone, 3, O2 and Virgin – all of whom said they were not being investigated. This left remaining operator T-Mobile in the uncomfortable position of confirming its involvement.
BBC News reports that a T-Mobile spokesman confirmed that it was their customers whose data had been sold to rival phone firms and that the information had been sold without their knowledge.
One of the central problems here is that many companies are not doing enough to secure the data they hold about every one of us. The cheapness and availability of devices like USB thumb drives has just made it easier than ever before to scoop up large databases and waltz out of the office without any suspecting a thing.
Technology does exist to help intercept and control the movement of personal data inside organisations – but many firms have still not taken even the most basic steps to halt it dead in its tracks.
I’m not saying that technology can help prevent any data leaks inside your company – after all, a bad guy in your call centre could write down customer details on paper and put them in his back pocket – but it’s only sensible today to take all the precautions you can, and reduce the risk.
Certainly the authorities seem interested in doing what they can to fight this growing problem. For instance, Christopher Graham of the Information Commissioner’s Office has questioned whether the current fines of £5,000 are really a sufficient deterrent for this kind of crime. In his opinion, the most serious offenders should face a spell in prison for deliberate data theft.
And I have to say that I agree with him – £5,000 is peanuts compared to the huge amount of money that can be earnt by stealing personal data from inside a large corporation.
One big question still remains, however. We know that it was T-Mobile who had the data stolen from them – but who was buying it?