The private details of millions of mobile phone customers, including their numbers and addresses, have been sold illegally.

Staff at T-Mobile passed the information to brokers who then sold it to rival phone companies. The companies then called customers as their contracts were due to expire to offer a better mobile phone deal.

T-Mobile confirmed that it was being investigated for breaching data protection rules after Britain’s information watchdog said that an unnamed mobile phone company had been involved in the illegal sale of customers’ records.

T-Mobile suggested that it was an industry-wide problem, while sources said that a single employee, who was now facing prosecution, had been responsible. The company is Britain’s fourth-biggest mobile phone provider and has 16.6 million customers.

Christopher Graham, the Information Commissioner, said that he wanted to close down the “entire unlawful industry in personal data”.

“Many people will have wondered why and how they are being contacted by someone they do not know just before their existing phone contract is about to expire,” he said. “We are considering the evidence with a view to prosecuting those responsible.”

The Government plans to give courts the power to impose jail terms of up to two years on those who breach data protection rules. At present, only fines can be levied.

Britain is one of the world’s most competitive mobile phone markets. There are five network operators and a host of virtual operators, including Virgin Mobile and Tesco Mobile, which use capacity from the network owners to offer cheap or targeted services.

While the operators have worked hard to reduce “churn” — the rate at which customers defect to rivals — thousands of third-party resellers still regularly cold-call customers to persuade them to join other networks. It is these third-party sellers that pay employees of the networks to get customer details and to find out when a subscriber’s contract is nearing its end.

Industry sources disputed Mr Graham’s claim that millions of mobile phone records had been sold on, suggesting that the real figure was in the thousands. However, the Information Commissioner’s Office stood by its claim that millions of records were involved and that large sums of money had changed hands for the information.

T-Mobile said that it was surprised the details of the investigation had been made public, as it had been asked to keep the matter secret to avoid prejudicing a possible criminal prosecution.

“T-Mobile takes the protection of customer information seriously. When it became apparent that contract renewal information was being passed on to third parties without our knowledge, we alerted the Information Commissioner’s Office,” said a spokesman for the company.

Mr Graham, who took over as Information Commissioner in the summer, said that investigators had been working with T-Mobile after it reported suspicions of an unlawful trade in customers’ data.

The team from the Information Commissioner’s Office obtained search warrants to enter premises and has also interviewed employees.

Jill Johnstone, director of Consumer Focus, said: “Those responsible for trading the personal details of mobile users should face a tough penalty.

“This is a serious incident and shows the need for tighter data security among mobile phone providers. Customers at risk should be informed immediately and put on alert about marketing calls.”

Chris Huhne, the Liberal Democrat’s Home Affairs spokesman, said: “This shameful incident shows the disdain with which some companies treat sensitive personal data. Stiffer penalties for those involved in serious data breaches, whether in the public or private sector, cannot be introduced soon enough.”