T-Mobile selling customer details: Enough grounds to end your contract?

purplepardalis

I ended my contract with T mobile today. I was nearly at the end and had to pay my remaining month but I am angry that only due to the media exposure I found out my details were sold on. Apart from that T mobile were a very good provider. Good customer service - my contract wasn't the cheapest but I never pushed for the best, just what I needed. But I lost trust in them so I left. Oh, and got my iPhone from elsewhere although I was planning on tapping T mobile up for one :-)

greyster

i'm surprised you actually paid T-Mobile to leave early. This happens to a large company every 3-4 months in the papers. There is no way that a company can stop a single person from its data, especially if the people in question are trusted with data. Yes they can improve their security which was probably already good but what can they do realistically.

You got to think, when another big utility bill company makes a mistake, are you going to leave them? The government needs to toughen the laws so that the employee in question gets a prison sentence. I actually feel sorry for the companies who lose millions in reputation over one single idiot, who at worse will face a £5000 fine and a sacking. In the case of T-Mobile, he's already gone.

So in my view, your wasting money leaving early. Its going to happen to another company you are associated with soon.

Its also worth noting the breach was less sensitive than TKMAX who lost credit card data from customers. This was literally your name, telephone number and when you are due an upgrade. So what happens at best, you get a cold call. We all get them and we are all !!!!ed but I wouldn't phone up the company and leave early over it. My view of course.

chattychappy

greyster wrote: »

i'm surprised you actually paid T-Mobile to leave early. This happens to a large company every 3-4 months in the papers.
...My view of course.

And my view too.

If a company doesn't do what it's supposed to under a contract, you MAY be entitled to cancel and walk away but often the most you can do is just continue with it and get damages.

This lawyer's opinion (and it is not advice to anyone) is that T-mobile probably have broken the terms of people's contracts (implied or otherwise) but that it's not so serious as to allow people to escape. I'm sure it is very serious as a data protection issue - and people are seriously upset - but in the context of a contract for telephony they are still performing their key obligations. Afterall, you can still make calls, receive calls, send texts etc. It is not impossible to continue with the contract. For a customer to succeed, I think he/she would have to show that either T-mobile had agreed in advance that such a breach would afford such a remedy, statute intervenes to allow that, or convince a judge that such a breach is so fundamental as to allow repudiation. (I don't think it is, but others might take a different view.)

The "damage has been done". If you can point to a monetary loss because of it, then there could be a claim against T-mobile.

Else I think it's best to be pragmatic.

t_mob_insider2

donnajunkie wrote: »

i have pay as you go with t mobile. i got a call last week from the 3 network trying to get my custom. i havent given my number to anyone other than friends. so i am now wondering if i am one of the customers who has had their details sold illegally.

i doubt it - as i believe that the only details that were comprimised were customers who were due for upgrade on a 12 months period on the run up to December 2008.

unfortunatly there are idiots that work within industrys like this trying to make a quick buck by any means they can i personally am not aware of them but do think that it must be someone that perhaps works in IT to be able to get acess to that type of data.

No financial data or security data eg. passwords were comprimised only what i previously said - this may be an incovinience to some but easiest thing to do would be simply to call up T-Mobile and get you telephone number changed if you truley are worried & are recieving mallicious calls from 3rd party companys 5 times a day

If anyone gets cold calls like i often do, simply ask to be removed from the database if changing you number is not an option.

T-Mobile like its customers are victims in this case as the data has been stolen from them - not simply sold on by t-mobile.

T-Mobile adheard fully with the correct authorities ( ICO ) to get the matter resolved as quickly as possible to locate the source of the breach ( Internally it was kept quite to help with the investigation ). When the news did break staff were not aware of what had happened until the following days. I was totally shocked that this had happened and knew what we were going to be in for in the coming weeks with irate customers looking for justice ( saying we have broke T&C's , DPA & going to lawyers, going to Trading Sandards & CAB ) or more information on what had happened, which i could only empathise with.

As an amployee I can only appologise to customers that think there details have been comprimised ( im not sure if t-mobile have an exact list of numbers that have been stolen ) and hope that what i have previously mentioned about changing there telephone numbers can help rather than changing provider.

I know T-Mobile are strict with DPA just like the next company but everyone must admit that it is impossible to know what goes on in some employee's heads ( £££££ ) therefore impossible to be 100% secure when it comes to handling customers data. Christ the government were on a roll loosing data all the time it seemed last year. haa haa

I appolgise for any spelling errors in this.

surfer78

Spoke to T-Mobile and said I want to end my 18 month contract due to their inability to secure date. Told them that irrespective of the fact they had probably not sold my data the fact that it was even possible to remove that information showed their systems were not secure and they were in breach of their privacy policy.

After various arguments along the lines of "it wasn't us it was a rogue employee", well vicarious liability means that is tough for you but still T-Mobile's problem and "we are not in breach of the privacy policy", details were sold which is in itself a breach. Coupled with the fact that CD Drives and USB ports were not disabled and that files containing info could be sent outside the system as it had to be one of these ways that the information was removed, unless the employee copied all of these details off the screen. All of this means that T-Mobile's data protection systems are wholly inadequate.

After 48 hours and speaking to a number of managers my contract is now ended with no fee payable.

Madasacat

Did they give you a hard time or was it pretty straight forward. I would love to end my contract as I too have had calls and the network cover in my home is non existant

surfer78

Initial call was passed over to a manager who tried to give me a hard time. With enough arguing she decided she would need to consult the legal dept. 48 hrs later get a call from another manager who tries to go through the preprepared Q&A. Stick to your guns on the points I mentioned earlier, particularly the fact that it should never have been possible to remove that data in the first place and hopefully they will cave as they did with me.

In all fairness to T-Mobile the only reason I would consider them again in the future is that they were big enough to cancel the contract. Showed a logic towards customer service that you rarely find in business these days.

greyster

surfer78 wrote: »

Spoke to T-Mobile and said I want to end my 18 month contract due to their inability to secure date. Told them that irrespective of the fact they had probably not sold my data the fact that it was even possible to remove that information showed their systems were not secure and they were in breach of their privacy policy.

After various arguments along the lines of "it wasn't us it was a rogue employee", well vicarious liability means that is tough for you but still T-Mobile's problem and "we are not in breach of the privacy policy", details were sold which is in itself a breach. Coupled with the fact that CD Drives and USB ports were not disabled and that files containing info could be sent outside the system as it had to be one of these ways that the information was removed, unless the employee copied all of these details off the screen. All of this means that T-Mobile's data protection systems are wholly inadequate.

After 48 hours and speaking to a number of managers my contract is now ended with no fee payable.

How many months into your contract were you?

BTW... CD Drives, USB stuff... really not relevant because no organisation is going to remove USB/drives from every PC in the business including managers and senior managers. It only takes one person trusted with backend systems to leach all the data in one move. It is similar to the ancient term 'trojan horse' (not computing version). Anyone who is trusted can sneak in and take what they like in any organisation. The only thing that really stops people is morals or the risk of being caught.

surfer78

12 months in.

The point is that it should only be senior management able to access and/or move this data. If only their computers are able to remove data it means there are only a limited number of people who can be held liable and the fact that it would be so obvious as to who was responsible for any data breach should prevent the removal of the data. Coupled with this is the fact that there should only be a relatively small number of machines to monitor for breaches of data.

t_mob_insider2

surfer78 wrote: »

12 months in.

The point is that it should only be senior management able to access and/or move this data. If only their computers are able to remove data it means there are only a limited number of people who can be held liable and the fact that it would be so obvious as to who was responsible for any data breach should prevent the removal of the data. Coupled with this is the fact that there should only be a relatively small number of machines to monitor for breaches of data.

Senior managment would probablly have no access to this information beacuse they wouldnt need the information - this could possibly only be obtained by some sort if IT tech perhaps. The breach was idendified and the culprit or culprits were caught.