• Search:

Comms: T-Mobile and stolen customer data

Nigel Morris-Cotterill

Wednesday 18 November 2009

Recently, one of our staff began to get spam purporting to be from T-Mobile. Is he among the "millions" of people whose data has been stolen from T-Mobile? He does seem to be unlucky that way..


Most Recent - This Section

Comms: T-Mobile. Stupid, Stupid, Stupid
Comms: Apple tries to get to the core of the iPhone 4 problems
Comms: don't take notes when using your iPhone 4
Comms: Fraudulent SMS spam victimises Shell in Malaysia
Comms: new product encrypts mobile to office comms

Most Recent - Whole Site

Business crime: USA's SEC charges accounting staff with embezzlement of USD30 million
The Risk Professional: new report shows bribery trends in Brazil
IT Security: Lo-Jack software helps laptop recovery
HR: Migrant workers becoming less welcome
Aviation: Malaysis will build new Low Cost facility after all

Most Recent - BizNewsSelect

The Society of Anti Money Laundering Professionals: launch of Accredited Training Course Provider scheme
The Society of Anti Money Laundering Professionals launches new membership class
Quick To Learn More expands and updates content units
Hong Kong's latest foreign currency reserve assets figures released
International reserves of BNM as at 31 December 2009

Most Recent - BankingInsuranceSecurities.Com

Securities: USA's SEC bans investment adviser after fraud
Banking: RBS sheds approx 20,000 jobs in UK
Sanctions: OFAC Update 20100201
Sanctions: UK amendments to T(UNM)O 2000 list 20100901
Sanctions: Directions under T(UNM)O 2009 (UK) 20100901
 

The chap who is being spammed by a company called fagms.net that sends out its junk with T-Mobile in the sender field, has written to T-Mobile telling them of the spam. Their response was to ask him for his mobile number. In the UK he has a T-Mobile phone, the contract for which will expire next month.

He seems to be victimised by data leaks.

Completing a form for a Malaysian government department, he put a single-use e-mail address in the form. It was used on that form only, and only once. He gets spammed at that address.

He bought a car: two days later, he started receiving telephone calls from people asking if he had a car to sell.

When we moved all of our Malaysian mobile phones from on company to another, keeping our numbers, they were all grouped together into a single account which, for various reasons, are registered to a local director. He started to get spam SMS and unsolicited sales calls within days of the transfer. The interesting thing is that, when it's a phone call, the callers know the name of the account holder and ask for that person, never for the actual user.

T-Mobile identified the problem and reported it to the Information Commissioner's Office, the trendy name recently given to the Office of Data Protection. The ICO, T-Mobile said, asked T-Mobile not to make public the breaches which contain name, address, contact information and the date of contract expiry, it is said.

But then the ICO made a statement about the case and, to avoid speculation, T-Mobile decided to release the story.

It appears that a single employee stole millions of records of customers, and sold them onto brokers who then resold them to rival telephone companies and / or dealers who are paid substantial commissions for each new account signed up.

As for the chap in KL, he's distinctly unimpressed with the whole idea of data security.

"Hell," he says. "Even a bank has farmed out its advertising to an SMS spam company and I'm getting stuff from them, too. So any chance of security for my contact info has gone. I seem to be target zero for all of this stuff."

Bookmark and Share

Tip a friend

Download PDF Download PDF version of this page





loading