T-Mobile UK has admitted to a breach of the Data Protection Act after its customers' private details were sold to other companies for a profit.

One of the firm's employees sold customer contract expiration details to brokers, who then sold the information to T-Mobile competitors, according to reports. The customers were then contacted just before their T-Mobile contracts were due to end.

The Data Protection Act forbids the selling of an individual's data without their consent.

"T-Mobile takes the protection of customer information seriously. When it became apparent that contract renewal information was being passed on to third parties without our knowledge, we alerted the Information Commissioner's Office, " a T-Mobile spokesman told the BBC.

The first news of the scandal emerged yesterday when Christopher Graham, the Information Commissioner, discussed the case without naming the company. Graham confirmed that the names, addresses, telephone numbers and contract details were sold to competitors.

O2, Vodafone, Orange, 3 and Virgin had all denied being involved, and it became clear that T-Mobile was the guilty company.

Graham has stated that he intends to prosecute the employee responsible.

Graham Cluley, senior technology consultant at security firm Sophos, said in a blog post that T-Mobile is likely to have lacked important data protection processes.

"One of the central problems here is that many companies are not doing enough to secure the data they hold about every one of us," he wrote.

"The cheapness and availability of devices like USB thumb drives has just made it easier than ever to scoop up large databases and waltz out of the office without anyone suspecting a thing.

"Technology does exist to help intercept and control the movement of personal data inside organisations, but many firms have still not taken even the most basic steps to halt it dead in its tracks."