T-Mobile lost disk containing data on 17 million customers
Deutsche Telekom's German mobile phone subsidiary T-Mobile lost control of a disk containing personal information about 17 million of its customers in early 2006, the company said Saturday.
Silent about the data loss for more than two years, the company published its version of events on Saturday following a report in German news magazine Der Spiegel that the data were being offered for sale on the Internet.
In 2006, T-Mobile was approached by a person claiming to have confidential customer data in his possession, said company spokesman Philipp Blank.
The company immediately informed the public prosecutor, and investigators subsequently found a disk containing T-Mobile data, Blank said. No disk was physically stolen from Deutsche Telekom premises, and the company is unable to account for how the data came to be on the disk found by investigators, Blank said. Prosecutors consider the person who contacted the company as a witness, not a thief, he said.
Data on the disk included customers' name, date of birth, address and mobile phone number, and in some cases the customers' e-mail addresses. No banking details were lost, the company said.
When the loss of the data was discovered, the company reported the loss to the state prosecutor, and began monitoring Internet forums and sites where such stolen information is offered for sale, it said.
T-Mobile found no evidence in the months following the loss that the missing data was on the market, it said.
That changed on Saturday, however, with Der Spiegel's revelation that the data is now for sale on the Internet.
The data for sale includes the home addresses and unlisted phone numbers of many German celebrities, business leaders, billionaires, religious representatives, government ministers and politicians, according to the report.
T-Mobile maintains that there is no evidence that the data has been used to harass or to steal the identity of any of its customers.
Blank said there is still no evidence that the customer data is available for sale on the Internet, and the magazine appears to have obtained customer data from the same person who originally contacted T-Mobile in 2006, he said.
Although the company is unable to account for how the data was originally obtained from its database, it has improved its security procedures since 2006, Blank said. Those procedures now include the use of stronger passwords and access controls, and the logging of accesses to customer databases.
Customers worried about the disclosure of their mobile phone number can have it changed for free, the company said.
Deutsche Telekom is also in hot water for paying a little too much attention to the personal details of some of its customers. Its internal security staff are accused of spying on the private phone use of members of its board of directors, whom the company suspected of leaking sensitive information to journalists. The company said in May that it had called for an independent investigation of the affair.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
t mobile
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
