MPs claim Orange, T-Mobile and Vodafone failed to notify phone hack victims in time
Some victims waited up to three years to find out their voicemail was intercepted
By Jeremy Kirk | IDG News Service | Published 12:42, 21 July 11
Two UK mobile phone operators took years to notify their customers that their voicemail accounts may have been illegally accessed, according to a report by the Home Affairs Committee.
The House of Commons committee report digs into the details of the so-called "phone hacking" scandal gripping Britain. The scandal revolves around private investigators and reporters who allegedly took advantage of weak security measures in order to access the voicemail accounts of public figures.
Three UK operators, Vodafone, O2 and the Orange/T-Mobile joint venture Everything Everywhere, knew that some of their subscribers had been targeted by Glenn Mulcaire, a private investigator employed by the tabloid newspaper News of the World, the report said.
Phone hacking scandal
Mulcaire was sentenced to six months in prison in January 2007 for unlawful interception of voicemail messages, while the News of the World, its reputation severely damaged by the scandal, ceased publication earlier this month.
Police decided that, while the investigation was under way, Mulcaire's victims should be notified of the intrusions either by police or by the network operators, according to the report. But a breakdown in communications led police to assume that operators had contacted the affected customers, while two of the companies made no move to contact customers, believing that to do so would interfere with the investigation.
Only one operator, O2, checked with police in 2006 to see if it could notify customers without interfering with the investigation. O2 officials told the parliamentary committee the company received clearance to notify those affected within 10 days or so of learning that there was an investigation.
"Neither Vodafone nor Orange UK/T-Mobile UK showed the initiative of O2 in asking the police whether such contact would interfere with investigations," the report said. "Nor did either company check whether the investigation had been completed later."
Vodafone and Orange-T-Mobile said police did not tell them to contact customers until November 2010, the report said. Those companies did not have an immediate comment on Wednesday morning.
"We find this failure of care to their customers astonishing, not least because all the companies told us that they had good working relationships with the police on the many occasions on which the police have to seek information from them to help in their inquiries," the report said.
Notification by law
The notification procedure would be different if a large data breach occurred now. The UK's Privacy and Electronic Communications Regulations, which came into force on May 25, now require any data controller, including mobile phone companies, to inform customers of a data breach, the report said.
The number of potential hacking victims continues to grow. Police have in evidence the names of 3,870 people who may be victims, along with some 5,000 landline numbers and 4,000 mobile phone numbers, which came from Mulcaire's documents. The committee wrote that although there may be some overlap in the phone numbers, it is possible that up to 12,800 people have been affected and would need to be notified.
So far, just 170 people have been contacted by police, although 500 more people have asked police whether they might be victims.
The committee wrote in its report that it could take more than a decade at the current pace for full notification. "This timeframe is clearly absurd," the committee wrote, adding that extra funds should be made available to police for the investigation.