Miscreants Fined For Selling T-Mobile Customer Data
Two men have been fined a total of more than £70,000 for illegally selling lucrative customer data to third parties
Two former T-Mobile employees have been fined a total of £73,700 for stealing and selling on customer data from the company, concluding an investigation that began in 2008, according to the Information Commissioner’s Office (ICO).
The two were ordered to pay fines and confiscation costs as part of a hearing on Friday at Chester Crown Court.
David Turley and Darren Hames pleaded guilty to offences under Section 55 of the Data Protection Act (DPA) last year, the ICO said. T-Mobile and the ICO launched the investigation after finding that customers’ names, addresses, telephone numbers and contract end dates were being unlawfully passed on to third parties.
David Turley pleaded guilty to 18 offences in July 2010 and has been ordered to pay £45,000. He has been given a three-year conditional discharge and must serve an 18 month prison sentence if he doesn’t pay the fees within six months.
Darren Hames pleaded guilty to two offences last November and has been ordered to pay £28,700, plus £500 towards prosecution costs. He will serve a 15 month prison sentence if he fails to pay the costs within six months.
Information commissioner Christopher Graham said the case was intended to serve as a deterrent to others looking to cash in on the lucrative trade in mobile phone contract information.
“Those who have regular access to thousands of customer details may think that attempts to use it for personal gain will go undetected,” he said in a statement. “But this case shows that there is always an audit trail and my office will do everything in its power to uncover it. The lifestyle the pair gained from their criminal activities has been short lived and I hope this case serves as a strong deterrent to others.”
The ICO said mobile phone customers who are receiving unwanted marketing information or calls about their contract can tell the sender to stop contacting them and can register with the Telephone Preference Service. Those who receive persistent unwanted marketing calls, text messages, emails or letters can complain to the ICO.
The ICO said this case marks the first time the body has applied for and used confiscation orders under the Proceeds of Crime Act, which gives the prosecuting authority a proportion of any money recovered in a case for use in further crime prevention and detection. The ICO said it will use its proportion of the fees to fund training for investigation staff.
Last week the ICO handed down its biggest data breach fine to date, imposing a pentalty of £120,000 on Surrey County Council for disclosing individuals’ personal data on three separate occasions. The incidents included sending personal data to groups including taxi firms and people who had subscribed to the council newsletter.