Staff from T-Mobile are reported to have passed customer details to third-party brokers.
A report by BBC News claimed that the details of thousands of customers were passed on, with brokers selling the data on to other phone firms, who then cold-called the customers as their contracts were due to expire.
A spokesman for T-Mobile said that the sale of the data had been 'deeply regrettable' and that it had been asked to keep it secret to avoid any criminal prosecutions being prejudiced.
He told BBC News: “T-Mobile takes the protection of customer information seriously. When it became apparent that contract renewal information was being passed on to third parties without our knowledge, we alerted the Information Commissioner's Office.”
He went on to say that T-Mobile and the Information Commissioner's Office (ICO) were working together and had identified the source of the breach, and that T-Mobile had 'proactively supported the ICO to help stamp out what is a problem for the whole industry'.
Commenting, commissioner Christopher Graham said the data breach was the biggest of its kind and added that the case illustrated why there needed to be a prison sentence to prevent people from selling private data to third parties. He also confirmed that the ICO was preparing a prosecution against those responsible for selling on T-Mobile data.
Neil McHugh, managing director of rightmobilephone.co.uk, advised those concerned to call their operator and ask for confirmation that their contact information is safe.
McHugh said: “If you are contacted by anybody who asks you when your contract is up, do not hesitate to ask who they are and where they got their information. Report the call to the Information Commissioner's Office which is investigating the leak.
“O2, Orange, Vodafone and 3 mobile phone networks declared that they were not the source behind the leak or official investigation early on, leaving T-Mobile with questions to answer and many fingers pointing in their direction. Now it has been found that rogue staff members at T-Mobile were behind the leak, I'm sure the network operator will have a large media storm to ride. Customers absolutely have the right to ask them whether or not their personal data is safe.”
Steve Moyle, CTO of leading database security provider Secerno, said: “As the news continues to emerge from T-Mobile, we know that given the number of records stolen along with the attempted sales to rival firms, we are dealing with a classic insider breach. In the digital age, your data is worth money, and people who are on the inside of the corporate firewall are not immune from theft.
“All companies should have policies in place for legitimate and normal database use, with alerts in place for any downloading of multiple records as well as the ability to immediately stop any large number of records from being downloaded.
“The second issue around this breach is the paltry sums that the offenders will be charged for violating the Data Security Act. The culprits will be charged thousands of pounds, which is not high enough to be a deterrent. The fines need to match the severity of the crime and to reinforce the notion that stealing a person's information is a crime. These current fine amounts are not enough to do that, and the proof will come from the affected customers, who are likely to agree.”