Update: T-Mobile lost control of data on 17 million customers

After two years of silence, T-Mobile has admitted it lost control of data on about 17 million customers in early 2006.

Share

T-Mobile has admitted it lost control of data on about 17 million customers in early 2006.

Silent about the data loss for more than two years, the company published its version of events on Saturday following a report in German news magazine Der Spiegel that the data were being offered for sale on the Internet.

In 2006, T-Mobile was approached by a person claiming to have confidential customer data in his possession, said company spokesman Philipp Blank.

The company immediately informed the public prosecutor, and investigators subsequently found a disk containing T-Mobile data, Blank said. No disk was physically stolen from its parent Deutsche Telekom premises, and the company is unable to account for how the data came to be on the disk found by investigators, Blank said. Prosecutors consider the person who contacted the company as a witness, not a thief, he said.

Data on the disk included customers' name, date of birth, address and mobile phone number, and in some cases the customers' e-mail addresses. No banking details were lost, the company said.

When the loss of the data was discovered, the company reported the loss to the state prosecutor, and began monitoring Internet forums and sites where such stolen information is offered for sale, it said.

T-Mobile said it had found no evidence in the months following the loss that the missing data was on the market, it said.

However Der Spiegel magazine reported that the data is now for sale on the Internet.

T-Mobile maintains that there is no evidence that the data has been used to harass or to steal the identity of any of its customers.

Blank said the magazine appears to have obtained customer data from the same person who originally contacted T-Mobile in 2006, he said.

Although the company is unable to account for how the data was originally obtained from its database, it has improved its security procedures since 2006, Blank said. Those procedures now include the use of stronger passwords and access controls, and the logging of accesses to customer databases.

Customers worried about the disclosure of their mobile phone number can have it changed for free, the company said.

Deutsche Telekom is also in hot water for spying on the private phone use of members of its board of directors, whom the company suspected of leaking sensitive information to journalists. The company said in May that it had called for an independent investigation of the affair.

Find your next job with computerworld UK jobs