Apparently a cracker gained full access to the entire T-Mobile customer database sometime in 2003. The feds got a wind of the breach by March 2004, because the crackpot was selling confidential Secret Service documents online. T-Mobile was made aware of it by the feds in July 2004, although it is possible they also knew of the breach earlier.
What did T-Mobile do to protect the identity and confidential information of its customers? Nothing. Not a single warning was sent to customers, they did not force customers to change their passwords, they simply wished customers didn’t notice. This, btw, is illegal (civil) in California provided a law enforcement agency did not ask the company to postpone notifying the customers.
As a T-Mobile customer I’m amazed by the irresponsibility of T-Mobile. Thankfully my one-year contract with them is already expired and I’m free to switch to any provider I choose.
1/13/05 Edit: T-Mobile claims cracker only had access to 400 customers and all those customers were notified as soon as T-Mobile found out about the breach. I wonder, if T-Mobile knew at 2003, why the cracker still had access to a Secret Service agent’s account in March 2004.
-TPP