Deutsche Telekom & T-Mobile Confirm Theft of Personal Data on 17M Customers

Data stolen in 2006 is already in use by criminals, reports say

Deutsche Telekom, owner of the T-Mobile wireless network, admitted this weekend that the mobile service suffered a data theft in 2006 that may have exposed the personal information of some 17 million customers.

Deutsche Telekom made a statement about the T-Mobile data theft on Saturday, anticipating the release of a story about the breach by the German magazine Der Spiegel on Sunday.

"According to the magazine Der Spiegel, a storage device with 17 million mobile telephone data records is in the hands of unknown parties," Deutsche Telekom confirmed. "The data relate to both prepay and postpay customers. Apart from names, addresses and cell phone numbers, the data, in some cases, also include the date of birth or e-mail addresses. The records do not contain bank details, credit card numbers or call data."

T-Mobile disclosed the theft to law enforcement -- but apparently, not to the public or to the customers involved -- in spring 2006, according to the statement. Authorities were able to recover the stolen device, and since the service provider had no evidence that the data had been compromised, no public statement was made.

"Extensive research conducted over several months on the Internet and in data trading places could not reveal any clues indicating that the data had been offered or disseminated on the black market," Deutsche Telekom said. "Owing to this, Deutsche Telekom assumed that there would be no dissemination of the data."

In its Sunday article, however, Der Spiegel reported that it was able to access the stolen data via criminal third parties. The magazine reported that the data includes the private details of several prominent entertainers, TV stars, politicians, businessmen, and millionaires, and that distribution of their data by criminals could pose a safety risk.

"Until now, we were under the assumption that the data in question had been recovered completely as part of the investigations of the public prosecutors' office and were safe," said Philipp Humm, managing director at T-Mobile Deutschland. "Notwithstanding the fact that the culprits have been at work with a tremendous criminal potential, we earnestly regret to say that we have not been able to protect our customer data in line with our standards."

A T-Mobile spokesman stated that "according to our information, even though these details have been put up for sale on the black market, there has not been a buyer."

T-Mobile says that, following the data theft, it intensified its security measures: "Among other initiatives, complex passwords have in the meantime become a technical necessity, access authorization has been restricted to an even greater extent, access to databases managing customer data is being monitored closer than ever and registered, and a semi-automatic security monitoring system for database administration and configuration has been developed."

Deutsche Telekom has already been through one privacy scandal this year. In May, the service provider was accused of violating privacy laws by analyzing the phone records of its employees and targeted journalists in an attempt to stop leaks to the press. (See Deutsche Telecom Spied on Employees, Journalists.)

T-Mobile came under scrutiny in 2006 when several journalists were able to purchase mobile phone records of well-known celebrities for about $100.
