Aidan Hiljeh

UK Carrier's Security Breach: A Lesson in Bad Privacy Practices

Feb 27 2012, 06:01 PM by

Privacy is a huge deal in this interconnected world we live in. The more devices consumers use to transmit and share their data, the more important privacy will become. Companies must go above and beyond to ensure that the consumer’s information is protected, but over the years we have learned that some are much better at this than others. Apparently O2 is one company that still has some significant improvements to make in the way of privacy practices.
What’s Your Phone Number?
O2, a cellular phone network that operates out of the United Kingdom, was recently the victim of a major security breach. Sadly for the European carrier, it appears to have been entirely its own fault. Apparently the problem stemmed from routine maintenance, yet what occurred afterwards was anything but. As a result of the error, customers had their phone numbers sent to the websites they browsed on their mobile device - without their permission.

In most cases, a carrier sends a website basic details such as the user’s IP address, user-agent and referrer. The breach resulted in O2 also sending the user’s complete mobile phone number in the calling line ID header, which in turn allowed those sites to learn much more than the average user would prefer them to know. The issue affected not only O2 devices but also customers of GiffGaff and Tesco Mobile, two mobile phone companies that offer services powered by the O2 network.
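
An added example, not part of the original post or anything O2 published: a sketch of the check a carrier's web proxy could apply to outbound requests so that a subscriber's number never reaches third-party sites. The header names, the `trusted_hosts` allowlist and the sample request are assumptions made for illustration.

```python
import re

# Assumed names of carrier-injected subscriber headers (not taken from the article).
IDENTITY_HEADERS = {"x-up-calling-line-id", "x-msisdn", "x-nokia-msisdn"}

# A value that is only a phone number: optional "+", then 10 to 15 digits.
PHONE_ONLY = re.compile(r"^\+?\d{10,15}$")


def looks_like_phone_number(value):
    """True when the whole header value is a bare phone number."""
    compact = re.sub(r"[\s\-()]", "", value)
    return bool(PHONE_ONLY.match(compact))


def scrub_egress_headers(headers, dest_host, trusted_hosts=frozenset()):
    """Return (headers_to_forward, findings) for one outbound request.

    headers: list of (name, value) pairs as received from the handset side.
    trusted_hosts: hypothetical allowlist of operator-owned hosts (lowercase).
    Findings record the header name only, so the number is not copied into logs.
    """
    if dest_host.lower().rstrip(".") in trusted_hosts:
        return list(headers), []
    forwarded, findings = [], []
    for name, value in headers:
        lname = name.strip().lower()
        if lname in IDENTITY_HEADERS:
            findings.append((name, "known subscriber-identity header"))
        elif lname.startswith("x-") and looks_like_phone_number(value):
            findings.append((name, "value is a bare phone number"))
        else:
            forwarded.append((name, value))
    return forwarded, findings


# Constructed sample request; X-Subscriber is a made-up header name and the
# number comes from the UK range reserved for fictional use.
SAMPLE = [
    ("Host", "example.org"),
    ("User-Agent", "ExampleBrowser/1.0"),
    ("Referer", "http://example.com/page"),
    ("X-Up-Calling-Line-ID", "447700900123"),
    ("X-Subscriber", "+44 7700 900123"),
    ("X-Request-Id", "8c1f2a"),
]
```

Running the same function over captured proxy traffic after a maintenance change is a quick regression check: any non-empty findings list for an untrusted destination means subscriber data is leaving the network.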

O2's unfortunate mishap was detected by Lewis Peckover, a mobile app developer who built a website that showed the phone number of users who had recently paid a visit. This was confirmed when technology news site The Next Web ran a test using an O2-connected iPhone and found out that the handset’s phone number was displayed in the header info just as Peckover had reported. While not all customers suffered from the breach, none of that mattered once the word got out. From there, it did not take long for affected subscribers to start voicing their displeasure about the problem on Twitter.
Paying the Cost
In April of 2011, tech giant Apple found itself in the middle of a heated privacy issue over its mobile device security, or lack thereof. As it turns out, a software glitch in iPhones running version 3.2 of the iOS operating system and higher logged the location data of users in unencrypted form on the actual handsets themselves. Apple worked quickly to resolve the matter, but not before millions of iPhone customers found out and responded in outrage.

The recent debacle involving the O2 cellular network is being viewed as such a big deal because it is a serious breach of the customer’s privacy. Any subscriber who was affected by the issue could have had their phone number targeted for text spam, hacking and various other attacks today’s mobile devices are vulnerable to.

With members of the privacy community watching the mobile industry intently, the Information Commissioner's Office (ICO), a group that regulates and enforces laws concerning data protection in the U.K., has stepped in to investigate the matter. The ICO said it is currently looking into O2 to get a better understanding of what caused the slip-up and to remind the carrier of the importance of notifying customers of data breaches before taking any action.

O2 quickly apologized for the security issue and began conducting its own investigation to track down the source of the problem. And while it claims the matter has been resolved, the company could literally have its day in court very soon. Whether you have a handful of clients or thousands, let this be a lesson that customer privacy is an area your business cannot afford to slack in.
