In response to a letter from Senator Ron Wyden, T-Mobile has come forth with more location data abuses by third parties (via Motherboard).
Five Instances of Abuse
In a letter written by Anthony Russo, vice president of Federal Legislative Affairs at T-Mobile U.S., it mentions that the carrier is aware of five instances of alleged abuse of T-Mobile customer location data.
In one case, location aggregation company LocAid told T-Mobile in 2014 it was suspending the account of a customer called Freedom Telecare “due to an identified vulnerability in the consent mechanism.”
There was suspicion that a bad actor, who was a paying customer of Freedom Telecare, had acquired location information without customer consent, but review of the evidence could not confirm improper disclosure of location data.
Other carriers responded to the letter as well. AT&T said it hasn’t found location data abuses aside from an incident by a company called Securus, which T-Mobile was also involved in. Sprint wasn’t aware of any cases.