O2 has apologised for exposing customer mobile phone numbers to website owners, fixing the issue amidst hefty criticism.
The company was caught out by Lewis Peckover, a system administrator for a mobile gaming company, who revealed what O2 was doing via a specially-crafted webpage showing information the site received about visitors.
When an O2 phone connected to the site it showed the telephone number in plain text. No other operators were guilty of doing the same.
O2 has now stopped sharing customer numbers in this way, but many remain concerned about what companies have their contact details.
O2 issued an FAQ on its official blog, claiming it only shared numbers with "certain trusted partners," but a mistake made during technical changes meant website owners could see them.
Numbers started being shown to website owners from 10 January.
"We share mobile numbers with selected trusted partners for 3 reasons: 1) to manage age verification, which manages access to adult content, 2) to enable third party content partners to bill for premium content such as downloads or ring tones that the customer has purchased 3) to identify customers using O2 services, such as My O2 and Priority Moments," the company said.
"This only happens over 3G and WAP data services, not Wi-Fi."
Despite its explanation of why it was sharing users' telephone numbers, O2 still decided to fix the issue.
It has also contacted the Information Commissioner's Office (ICO), saying it would be cooperating fully. Ofcom has also been informed.
-
Trump's AI executive order could leave US in a 'regulatory vacuum'News Citing a "patchwork of 50 different regulatory regimes" and "ideological bias", President Trump wants rules to be set at a federal level
-
TPUs: Google's home advantageITPro Podcast How does TPU v7 stack up against Nvidia's latest chips – and can Google scale AI using only its own supply?
-
LastPass hit with ICO fine after 2022 data breach exposed 1.6 million users – here’s how the incident unfoldedNews The impact of the LastPass breach was felt by customers as late as December 2024
-
Scania admits leak of data after extortion attemptNews Hacker stole 34,000 files from a third-party managed website, trucking company says
-
23andMe 'failed to take basic steps' to safeguard customer dataNews The ICO has strong criticism for the way the genetic testing company responded to a 2023 breach.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
