An email to T-Mobile

From: Ryan Grove <ryan@wonko.com>
To: privacy@t-mobile.com
Date: Wed, 12 Jan 2005 11:34:22 -0800 (PST)
Subject: Personal information privacy concerns

As a long-time T-Mobile customer, I'm very concerned about the recent news that Nicolas Jacobsen, a 21 year old computer cracker, had access to T-Mobile's servers and sensitive customer information for over a year (see the article at http://www.securityfocus.com/news/10271).

According to the article, T-Mobile has known about the intrusion since July of 2004, yet has not made any effort to alert customers of the breach or the possibility of identity theft. The article also states that no one at T-Mobile would comment on the matter. I find this distressing. T-Mobile has my name, address, phone number, social security number, birthdate, and credit card number, not to mention a complete record of every phone call I've made or received via my cell phone. In the wrong hands, that information could be used to destroy my life. Identity theft is not just an inconvenience; it can be completely devastating for the victim. Yet T-Mobile seems to be trying to ignore the problem.

What steps have been taken to close the security vulnerability exploited by Nicolas Jacobsen? What steps are being taken to ensure that my personal information is secure now and in the future? What steps have been taken to determine whose information Jacobsen accessed? Have those customers been notified that their personal information was compromised and may now be available on the black market?

My fellow customers and I have a moral, if not legal, right to know these things and, furthermore, a responsibility to demand that T-Mobile answer these questions. A response -- especially one in which these questions are answered or at least addressed -- would be greatly appreciated.

Thank you.

--
Ryan Grove
ryan@wonko.com
http://wonko.com/

Update: As several commenters and even our friendly neighborhood T-Mobile representative Ross Howard have pointed out, there's an Associated Press article with a little more information on the incident. It turns out Jacobsen only had access to the info of 400 customers, and those customers were notified privately by T-Mobile.