Advertisement

O2 Says Sorry For Mobile Web Privacy Error

O2 Says Sorry For Mobile Web Privacy Error

Mobile provider O2 has apologised for an error with its service that resulted in some customers' phone numbers being shared with websites they visited while browsing on 3G.

Whenever a mobile user accesses a website from their phone they share information about that device with the site.

It usually includes the web browser and the model of phone being used to allow the website to display its information in a way that suits your device.

However, O2's mobile network in the UK was also including the phone number of some users in the data.

Malicious websites could use the information to target users with spam texts or scams.

O2 said the problem, which occured over the past 15 days, has been investigated and fixed.

In a statement on its blog , the company said: "Security is of the utmost importance to us and we take the protection of our customers' data extremely seriously.

"We have seen the report suggesting the potential for disclosure of customers' mobile phone numbers to website owners.

"We investigated, identified and fixed it this afternoon. We would like to apologise for the concern we have caused."

O2 added it was in contact with the communications regulator Ofcom and the information commissioner about the issue.

Twitter user @lewispeckover set up a website where users could check if they had been affected, and many reported their numbers were in the HTTP header data.

He told Sky News via email he was "gobsmacked" at what he had discovered.

"Some people have suggested that this was a mistake and those headers were only supposed to be sent to whitelisted sites - if that's the case, I would be very interested to know which sites are on this whitelist," he said.

"Then there's the harassment possibilities - want to get someone's number? Simply send them a link for them to view on their mobile, and voila, you have their phone number too."

Many disgruntled O2 customers also voiced their concern online.

Web journalist Rhys Griffith tweeted: "Not very impressed and will certainly think twice about renewing with @O2 in the future."

While Niall Rogers said: "Will be making a complaint to the Information Commissioner. Clear breach of data protection act - not happy."

The Information Commissioner's Office said the issue reported was a breach of the Data Protection Act and privacy laws.

In a statement, the data protection watchdog said: "When people visit a website via their mobile phone they would not expect their number to be made available to that website.

"We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed."