Five men working as subcontractors for South Korea’s two largest mobile providers have been arrested for illegally acquiring and selling personal information and location data from likely hundreds of thousands mobile users.

The men, who were doing online field tracking services for SK Telecom and KT, developed software that would secretly log the user data, and then turn around and sell it to private investigators for about 300,000 won ($263) a pop. The private detectives likewise turned around and sold the data to individual clients, in about 200,000 cases. The private eyes were selling the data packets for roughly 500,000 won ($439). Police arrested data thieves, a private detective agency owner and a data broker.

A South Korean police official was quoted as saying, “the program had been used for commercial reasons for three months since August last year. But it is assumed that not all the tracking cases were tracked in violation of the law. We plan to further expand related investigations because we have found that as many as 1,000 clients requested information tracking and the destinations of the leaked information have not been disclosed.”

KT and ST Telecom both claim to have known nothing of the data theft until the arrests were made. The case echoes the incident at T-Mobile in 2009, where employees were caught selling customer data to competitors. There’s only so much a company can do to screen its employees, especially those who are subcontracted. Or, one can just be like Facebook, and not screen outsourced workers at all.