Verizon sues pretexters in HP case
Verizon Wireless Inc. has sued Hewlett-Packard Co.'s (HP's) private investigators for faking their identities to obtain other people's phone records, a practice known as "pretexting."
In a case filed Thursday in U.S. District Court in New Jersey, Verizon asked a judge to award it damage payments and to block the defendants from gaining any more records.
Verizon said it did not know the investigators' identities, but defined them as "John and Jane Does" who were retained by HP in 2005 and 2006 to investigate confidential information leaks from HP's board of directors, according to the lawsuit.
Those people obtained private information about Verizon Wireless customers by using pretexting calls to gain access to the company's protected computers and data storage facilities. They then sold that information. Both actions violate the national Computer Fraud and Abuse Act, Verizon said.
The scandal has already forced Patricia Dunn to resign as HP board chairman, and sparked investigations by the California attorney general and the U.S. House of Representatives.
In court papers, Verizon described how a woman called Verizon customer service on May 17, 2005, asking to see phone records for an HP director. She called back three days later, arranging to block text messages to that phone and logging on to the person's online account. Then, on Feb. 1, 2006, someone called Verizon customer service again, asking for the number of a second phone on that account. Later that day, the person logged into the account again and changed the password, this time from a computer with a different IP (Internet Protocol) address.
The next day, someone called Verizon and asked to see call records of the director's spouse. Verizon workers grew suspicious and placed a warning on the account. Someone called again on March 1, offered the spouse's Social Security number and asked for the mobile phone number. Already wary, Verizon workers called the mobile phone and found that the customer's voicemail did not match the caller's voice. When someone tried again to access the records on March 14, Verizon workers refused.
Verizon hopes the lawsuit will help restore its customers' confidence in the security of their records, saying that its reputation has been harmed by the spying.
"Verizon goes to great lengths to protect confidential customer information," including training its customer service representatives to identify the schemes used by illegal data brokers, the suit said.
Despite those precautions, the HP investigators used "fraud, trickery and deceit" by making pretexting calls to Verizon representatives to gain unauthorized online account access, the suit alleges. Verizon said it will update the suit once it learns their identities.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
