Two former T-Mobile staff have had to pay £73,700 in fines and confiscation orders after being found guilty of selling on the details of half a million customers to direct marketing companies.
Darren Hames, an area sales manager for the mobile phone operator in Hatfield, stole the information about customers whose contracts were due to expire by copying them onto a memory stick. The data included customer contract renewal dates, names, addresses and phone numbers.
Hames promised to supply David Turley, whom he had met when both of them worked at a T-Mobile office in the West Midlands, with the details of 30,000 customers per month.
Turley had, in turn, set up his own business to cash in on the scam and sold the information to direct marketing companies that cold call customers to encourage them to switch to rival operators. The information was handed over at a McDonalds outlet.
Following a two-year investigation by the Information Commissioner’s Office, Turley pleaded guilty to 18 breaches of section 55 of the Data Protection Act by obtaining, disclosing and selling the data between 2007 and 2008, while Hames admitted to two.
Chester Crown Court ordered Turley to surrender £45,000 under the Proceeds of Crime Act and Hames to pay £28,700. If they fail to hand over the money within six months, they will go to prison for 18 and 15 months respectively. It is the first time that the ICO has successfully applied for a confiscation order.
Information Commissioner Christopher Graham told the Register tech web site: “Today’s hearing marks the final chapter in an investigation that has exposed the criminals behind a mass illegal trade in lucrative mobile phone contract information.”
Those with regular access to thousands of customer details may think that attempts to use it for personal gain would go undetected. But this case showed that there was always an audit trail and “my office will do everything in its power to uncover it”, he added.
The scandal is also embarrassing for T-Mobile, however, as it was accused of failing to protect confidential information adequately. The firm had contacted the ICO when it first suspected that someone was passing on information in December 2008.
A spokesman told the Daily Mail: “We hope this serves as a significant warning to those who seek to profit from unlawfully obtaining customer data.”