Home Knowledge Mobile Phone Data Security – Hacking Response by Irish DPC

Mobile Phone Data Security – Hacking Response by Irish DPC

October 21, 2022

In light of the mobile phone hacking scandal in the UK the Office of IrishData Protection Commissioner (“ODPC”) is taking action to ensure mobile phonecompanies in Ireland review the security terms on which they offer remote accessto voice messages to their customers.

Mobile phone messages can be accessed from another phone by dialling thedigit five between the network code and the remainder of the mobile number, andthen entering a Pin number. The service forms part of a standard mobile phonepackage but is not used by many. Issues arise when the owner of the mobilephone fails to change the default Pin supplied with the phone. These Pins canbe hacked and stored messages can be accessed by third parties.

There is an onus on the mobile phone companies to keep the information intheir customers’ message banks secure. The Data Protection Commissioner (“DPC”)has been in talks with some of the major mobile phone operators in Ireland witha view to eradicating this security risk to mobile users. The DPC has suggestedthat this message service might be offered to customers on an “opt-in” basiswhere the onus is on the operator to seek the explicit consent of the user toactivate the messaging service for them.
In a statement the DPC alsomentioned that “there are other solutions which we have already discussed withthe mobile operators and which they are bringing to the table which will likelyachieve the same objective”. He did not elaborate any further. We will nodoubt hear more on this issue shortly.

Contributed by Leo Moore & Brian McElligott