The Information Commissioner's Office (ICO) has been investigating the theft and sale of T-Mobile customers' personal data for almost a year, it has emerged.
News of the security breach, which saw rogue staff at the mobile operator divulge contract details to cold-calling marketeers, was only released to customers last month.
According to a Freedom of Information Act response, T-Mobile told regulators about the raids on its database on 16 December 2008.
The ICO today said its investigation is still ongoing. A spokeswoman said it had announced the breach only to highlight its lobbying campaign for new criminal offences to be created for those who abuse personal information.
The ICO did not last month name T-Mobile as the the mobile operator at the centre of the contract data scam, but its rivals quickly denied they were involved.
News that both the firm and regulators have known about the breach is likely to annoy customers who received unexplained and unsolicited marketing calls.
The ICO has previously backed calls for laws to force companies to disclose major data breaches to their customers, but T-Mobile said it was ordered to keep quiet, and was surprised when the ICO issued a press release that made identification by elimination trivially easy for the media. ®