T-Mobile is the latest in the list of recent high-profile data breaches, though this time the breach is not carried out by “Peace” – the Russian hacker who was behind the massive breaches in some popular social media sites including LinkedIn, MySpace, Tumblr, and VK.com.
Instead, one of the T-Mobile’s employees stole more than 1.5 Million customer records at the T-Mobile Czech Republic in order to sell it on for a profit, according to local media, MF DNES.
A million and a half customer records have strolled out the door of T-Mobile Czech Republic in an employee’s pocket.
The customer service staffer attempted to sell the datasets but T-Mobile refused to reveal further detailed information, citing an ongoing police investigation.
It is unknown how much of the usual name, e-mail address, account number and so on that the marketing database contained. T-Mobile Czech Republic says only that it did not include location, traffic, or other “sensitive data such as passwords”.
There was also no word on how a single staffer, since sacked, could have had access to 1.5 million records and been able to siphon it off en masse.
T-Mobile Czech Republic managing director Milan Vašina says there was “no actual data leak” adding that “data are (sic) safe”. It is unclear if the company is claiming the records were for sale but remained not purchased.
“Although we found no system failure during a thorough check, we will check the whole system again and consider the introduction of other precautionary measures if necessary,” Vašina says in a statement.
The telco says its “robust security mechanisms” meant it could “respond immediately and secure the database”.
said the offending staffer was part of a “small team” which “worked with customer data”.
“Immediately upon becoming suspicious that a crime had been committed, we took all the necessary steps in cooperation with the Police of the Czech Republic,” it says.
Local media outlet iDNES.cz reported the breach ahead of T-Mobile’s statement.
The breach was not connected to a signal failure in April, the company says, nor a failure of system or procedures.
“Therefore, this is a case of a failure of an individual and not a system or procedural failure,” the telco says.
“The only risk to which our customers could theoretically be exposed is that they might potentially be approached with unsolicited marketing offers.”
The company says it will update customers with any further developments.