14 DAY TRIAL // The German mobile phone services operator T-Mobile has admitted losing the personal details of 17 million of its customers. Even though the incident happened in early 2006, the company only mentioned it last Saturday due to an article published in the German magazine Der Spiegel.
The information included customers’ details such as names, phone numbers, addresses, birth dates and e-mail addresses and was stored on a disk which mysteriously disappeared. According to Marion Kessing, spokeswoman for T-Mobile's parent company, Deutsche Telekom, the lost data did not contain any banking information. Ms. Kessing also pointed out that they had been working with the authorities since 2006 to monitor the black market for signs of transactions regarding the data. Even though there are no banking details included, the information is still valuable to identity thieves, which prompted the company officials to think that someone could attempt to sell it on the underground forums.
Kessing noted that the company notified the Interior Ministry in Berlin last week and decided to make a public statement because of the article that was supposed to appear in Der Spiegel this Sunday. According to the Der Spiegel article, the information was recently spotted up for sale on the black market, but T-Mobile spokesman Frank Domagala commented that "according to our information, even though these details have been put up for sale on the black market, there has not been a buyer”. The information could prove even more valuable, as amongst the 17 million customers whose privacy was compromised, there is an impressive number of public figures like German celebrities, government officials, politicians, religious representatives or very wealthy individuals.
The company noted in their statement that since the incident in 2006, serious efforts had been made in order to improve data security procedures and prevent such breaches in the future. In this respect, the use of stronger passwords and access controls have been implemented, as well as logging all connection and activity related to the customers databases. The company also set up a special hotline and invited worried customers to change their phone numbers free of charge if they wished to do so.
Things are certainly not looking good for T-Mobile, the company currently being in the middle of another investigation. Some of the staff is being investigated for illegally accessing the phone records of members of the board of directors. This information leak adds up to a long series of other data loss incidents, many of which occurred even within government institutions. In U.S. alone, it's estimated that almost 30 million records have been lost or compromised in 2008, out of which 80% were in digital format.