MPs blame mobile phone companies over hacking scandal

Orange, T-Mobile and Vodafone should have done more to protect and alert customers, according to a Commons Home Affairs Committee report

The Commons Home Affairs Committee, a body appointed by the House of Commons to examine Home Office policy, has blamed mobile phone companies for failing to tell their customers that they had been hacked.

It released a report today entitled 'Unauthorised tapping into or hacking of mobile communications', detailing the results of its investigations into the recent phone hacking scandal which saw the closure of Sunday tabloid The News of the World.

In its report, it describes how the Committee asked mobile phone companies Orange, T-mobile (in their 'Everything Everywhere' joint venture), O2 and Vodafone if their employees may have been complicit in attempts to hack into private voicemail accounts.

The scope of the investigations were restricted to these three companies, as the victims so far identified were all customers of these brands.

The committee also asked the companies if they had performed their own investigations into how their customers may have been hacked.

Only Vodafone provided a direct reply. According to the report, Vodafone said: "It appears that attempts may have been made by an individual/individuals to obtain certain customer voicemail box numbers and/or PIN resets from Vodafone personnel by falsely assuming the identity of someone with the requisite authority."

The committee went on to recommend that mobile phone providers emphasise the need for security to their customers. "We would like to see security advice given as much prominence as information about new and special features in the information provided when customers purchase new mobile communication devices."

Orange and Vodafone were blamed for being slow to alert their customers that they had been hacked. The companies stated that they had been trying to avoid prejudicing police investigations, but the committee felt this showed a lack of initiative.

"Neither Vodafone nor Orange/T-Mobile showed the initiative of O2 in asking the police whether such contact would interfere with investigations. Nor did either company check whether the investigation had been completed later," the Committee stated.

"We find this failure of care to their customers astonishing, not least because all the companies told us that they had good working relationships with the police on the many occasions in which the police have had to seek information from them to help with their inquiries."

The committee stated that it expected companies would get better at notifying customers of potential data breaches as a result of new legislation to be brought into force.

"We expect that this situation will be improved by the the new Privacy and Electronic Communications Regulations, which will force companies that discover a breach of data security to notify not only the information commissioner, but also their affected customers."

In its conclusions, the committee strongly stated that just a small proportion of those likely to have been affected by the phone hacking scandal have so far been notified.

"We note with some alarm the fact that only 170 people have as yet been informed that they may have been victims of hacking."

It speculated that up to 12,800 may have been affected in reality.