T-Mobile Confirms U.K. Data Breach

T-Mobile confirmed that an employee at its U.K. subsidiary passed customer data to third-party brokers, potentially leading to a criminal prosecution. Despite the potential damage to customers' lives, such a data breach is most likely punishable with a fine as opposed to jail time in the U.K. T-Mobile has been dealing with public-relations issues on both ends of the Atlantic, including an incident in which a massive server failure led to Sidekick smartphone users in the U.S. temporarily losing their personal data.

T-Mobile confirmed that an employee had passed along customer data to third-party brokers in the U.K., an incident that could lead to criminal prosecution. Given that the defendants likely face a potential fine but no jail time, a number of British commentators have been suggesting that penalties for illegal data-trading be stiffened to include prison sentences.

According to the BBC, T-Mobile is the fourth-largest mobile phone company in the U.K. and a subsidiary of German firm Deutsche Telekom, with a 15 percent share of the market. It is apparently in discussions with telecom company Orange to merge their respective businesses.

Deutsche Telekom believes the breach occurred sometime between July 2007 and November 2008, that it was limited to contract renewal data, and that "the stolen data did not include call records, financial data, password details or any other information that would enable someone else to access customers' personal details."

Given the length of time since the breach, Deutsche Telekom also believes the current impact on customers to be "minimal."

"T-Mobile takes the protection of customer information seriously," a spokesperson from Deutsche Telekom told eWEEK. "When it became apparent that contract renewal information was allegedly being passed on by an employee to third parties without our knowledge, we alerted the Information Commissioner's Office."

The spokesperson added that the investigation by the Information Commissioner's Office could very well "lead to a prosecution." However, commentators on the BBC and other British Websites have decried the fact that the data thief (or thieves) will face a fine but most likely no jail time, and have asked for harsher penalties.

"The existing paltry fines... are simply not enough to deter people from engaging in this lucrative criminal activity," Christopher Graham, the Information Commissioner, told the BBC. "The threat of jail, not fines, will prove a stronger deterrent."

T-Mobile has been wrestling with some public-relations fiascos on both sides of the Atlantic. On Nov. 17, the U.S. branch of the company announced that it would begin selling its Sidekick smartphone again, more than five weeks after being forced to suspend sales following a massive data failure on servers holding user information.

"New pricing for the Sidekick LX 2009 will be $149.99 with a two-year contract and the Sidekick 2008 will be $49.99 with a two-year contract," a T-Mobile spokesperson wrote in a Nov. 17 statement emailed to eWEEK. The new prices for the devices are notably lower than before the data outage; the Sidekick 2008 was originally priced at $149.99, and the Sidekick LX 2009 at $199.

Those servers were run by Microsoft subsidiary Danger, and Microsoft engineers scrambled in the wake of the outage to restore Sidekick user data. While much of that data has been recovered, some of the Sidekick community has complained on the T-Mobile forums that certain data such as photos are still missing.

Seeking to make up for the data loss, T-Mobile offered Sidekick customers a $100 T-Mobile gift card and a month of free data service, a gift greeted in wildly different ways by Sidekick users. Meanwhile, rumors have abounded that Microsoft and Danger are developing two smartphones, under the umbrella of "Project Pink," that feature a Sidekick-style sliding form-factor.