Skip the navigation

Update: T-Mobile lost control of data on 17M customers in '06 incident

It was silent about the data loss for more than two years

By Peter Sayer
October 6, 2008 12:00 PM ET

IDG News Service - Editor's note: This story has been changed since it was originally posted. After receiving further information from T-Mobile, it clarifies that the company did not lose a disk, although a disk containing company data was found.

Deutsche Telekom AG's German mobile phone subsidiary T-Mobile lost control of personal information on about 17 million of its customers in early 2006, the company said Saturday.

Silent about the data loss for more than two years, the company published its version of events on Saturday following a report in German news magazine Der Spiegel that the data was being offered for sale on the Internet.

In 2006, T-Mobile was approached by a person claiming to have confidential customer data in his possession, said company spokesman Philipp Blank.

The company immediately informed the public prosecutor, and investigators subsequently found a disk containing T-Mobile data, Blank said. No disk was physically stolen from Deutsche Telekom premises, and the company is unable to account for how the data came to be on the disk found by investigators, Blank said. Prosecutors consider the person who contacted the company to be a witness, not a thief, he said.

Data on the disk included customer names, dates of birth, addresses and mobile phone numbers, and in some cases customers' e-mail addresses. No banking details were lost, the company said.

When the data loss was discovered, the company reported it to the state prosecutor and began monitoring Internet forums and sites where such stolen information is offered for sale, it said.

T-Mobile found no evidence in the months following the loss that the missing data was on the market, it said.

That changed on Saturday, however, with Der Spiegel's revelation that the data is now for sale online.

The data for sale includes the home addresses and unlisted phone numbers of many German celebrities, business leaders, billionaires, religious representatives, government ministers and politicians, according to the report.

T-Mobile maintains that there is no evidence that the data has been used to harass or to steal the identity of any of its customers.

Blank said there is still no evidence that the customer data is available for sale on the Internet, and the magazine appears to have obtained customer data from the same person who originally contacted T-Mobile in 2006, he said.

Although the company is unable to account for how the data was originally obtained from its database, it has improved its security procedures since 2006, Blank said. Those procedures now include the use of stronger passwords and access controls, and the logging of accesses to customer databases.

Customers worried about the disclosure of their mobile phone numbers can have them changed for free, the company said.

Deutsche Telekom has also been criticized for paying a little too much attention to the personal details of some of its customers. Its internal security staffers are accused of spying on the private phone use of members of Deutsche Telekom's board of directors, whom the company suspected of leaking sensitive information to journalists. The company said in May that it had called for an independent investigation of the affair.

Reprinted with permission from IDG.net. Story copyright 2014 International Data Group. All rights reserved.
Our Commenting Policies
2015 Premier 100 nominations open
Premier 100

Computerworld has launched its annual search for outstanding IT leaders who align technology with business goals. Nominate a top IT executive for the 2015 Premier 100 IT Leaders awards now through July 18.