Lawsuit Targets Two Dozen Defendants Who Used Fraud to Set Up Online Accounts and Improperly Obtain Information
SAN ANTONIO, Aug. 23, 2006 — AT&T Services Inc. filed suit in federal court today to block some two dozen so-called data brokers from accessing customer information without authorization from the company or the customer.
“We’re taking this action on behalf of our customers,” said Priscilla Hill-Ardoin, chief privacy officer for AT&T. “We intend to vigorously pursue these individuals who, through fraud, have attempted to obtain unauthorized access to customer information.”
In some cases, individuals or data brokers use unauthorized access to telephone records, often to collect information for use in legal or domestic disputes.
The suit filed today in the San Antonio Division of the U.S. District Court for the Western District of Texas, names 25 “John Doe” defendants who have used fraudulent means to gain access to AT&T’s business records containing confidential customer information, including calling-record information.
No Social Security numbers, driver’s license numbers or similarly sensitive financial, credit or identity information was accessible.
The lawsuit is designed to provide the company with the legal process to use e-mail addresses and Internet Protocol addresses to identify the perpetrators, and pursue an injunction to bar such activity, as well as seek damages.
Hill-Ardoin said that an AT&T internal investigation identified about 2,500 customers as possible victims of data brokers. The customers involved have already been notified and access to their online accounts frozen for their protection.
“This affects only a tiny fraction of our customers,” Hill-Ardoin said. “But we will pursue this on behalf of our customers to the end. We’re encouraged that both federal and state legislators are taking a close look at specifically criminalizing this sort of fraud related to calling records.”
In a process known as pretexting, data brokers pose as the customer to gain confidential information. The perpetrators set up unauthorized online accounts by supplying private customer-identifying information. The online account provides access to the customer’s AT&T account information — including recent calling history.
Earlier this year, pretexting and data-brokering became the subject of extensive government investigation and lawsuits when it was disclosed that private investigators and other data brokers were selling detailed calling records and other customer information obtained under fraudulent conditions.
Citing the Computer Fraud and Abuse Act and statutes regarding Harmful Access by Computer and Fraud, AT&T’s suit seeks an immediate injunction to halt the unauthorized parties from accessing customer information or sharing it with any third party. The suit also seeks the return of any confidential customer information that the perpetrators may have in their possession, return of any profits the perpetrators derived and monetary damages.
In addition to seeking the legal sanctions, AT&T has taken additional steps to prevent this type of activity in the future. “Regrettably, there are always people looking for ways to circumvent the system,” Hill-Ardoin said. “But we intend to remain vigilant in order to keep our customers’ information secure.”
Note: This AT&T release and other news announcements are available as part of an RSS feed at http://www.att.com/rss.
