Last week many people were alarmed and outraged to find out that under certain circumstances, if you browsed the web with your mobile, the website owners could discover your telephone number! This is both shocking and unexpected, we don’t believe anyone expected this to happen, least of all the mobile operator at the centre of this drama, O2.
It transpired last week that if you had a mobile phone that could browse the web and you used the O2 network (which also includes piggy back customers such as Tesco Mobile and giffgaff), any websites you visited were informed of your mobile number. There were a small number of exceptions to this – if you were using WiFi, or you had a BlackBerry this didn’t happen – nice for BlackBerry and RIM to be on the receiving end of some good publicity during a disaster!
I don’t think anyone outside of O2 knows quite how long this was going on for, but once it had been outed, O2 quickly resolved the issue, gave you back your online anonymity, and issued an apology. It seems likely that privacy laws will have been breached as the Information Commissioners Office (ICO) is investigating the incident and may well take further action.
I don’t think the level of surprise and outrage is unjustified as this is a serious data breach. We know that when we phone someone we effectively give them our mobile number unless we choose to withhold it, we are also aware that when we text someone, whether that be an actual mobile number or a mobile text service operated with a short code and a keyword, that we are giving the person or text service our mobile number in order that they can respond. We don’t expect that when we access the Internet that we might also be unwittingly sharing our mobile number with the owner of the websites we visit.
The public is rightly alarmed by this and it would be easy to jump to conclusions that this could be nafaerious behaviour by O2 and its affiliate partners, but this does seem unlikely. O2 like most operators do some very clever things with the web pages you access via your mobile, and when an O2 customer accesses one of O2’s websites, they know who you are – no surprise there. This does make it very easy to access information about your O2 account from your O2 mobile, it all contributes towards making things work a little easier. It does seem though that someone in the technical department at O2 may have been a little laxidasical about exactly what data was presented in order to identify you and inadvertently made a change that shared your mobile number with every website you visited.
O2 should be praised for how quickly this mistake was corrected after it was discovered, and an apology was issued, all in under 24 hours. However it is quite worrying to think that this sort of thing can happen and that activity and information about you that you think remains private may well not be.
What are your thoughts on this? We would love to hear your stories on data breaches and whether you have been a victim of such activity.
A lifetime Brummie & Startup Mentor with several ventures under his belt. Phil has a infectious enthusiasm for fledgling businesses that easily hides an ability to cut to the chase in identifying what works, what doesn't, and translating ideas into viable businesses.