Sprint Nextel sues over sale of call records

Sprint Nextel has filed a second lawsuit against a company that it claims is selling confidential call records and information of its wireless customers over the Internet.

On Monday, the mobile operator filed a suit in Dade County, Fla., against All Star Investigations (ASI), a company believed to own and operate Web sites including OnlinePI.com, AllStarInvestigations.com, DetectivesUSA.com, MiamiProtection.com and PrivateDetectivesUSA.com. Sprint claims that these sites have fraudulently obtained and sold private billing records of its customers.

This is the second lawsuit Sprint has filed against a company it said is selling customer cell phone records online. On Friday, it filed a lawsuit against First Source Information Specialists, parent company of Locatecell.com, Datafind.org and others. In both suits, Sprint is asking the court to impose both temporary and permanent injunctions against these companies.

"The schemes perpetrated by these online data brokers are intolerable, and our intent is to put an end to these practices," Kent Nakamura, vice president for telecom management and chief privacy officer for Sprint Nextel, said in a statement. "These online data brokers attempt to manipulate our customer service resources and detract from service provided to legitimate customers."

A spokesman for the company said Sprint Nextel is continuing a full-scale investigation into other companies, but for now, it does not plan to file any additional lawsuits.

The companies being sued could not be reached for this story.

Sprint's lawsuits are the latest in a series of legal actions by cell phone carriers. Cingular Wireless, Verizon Wireless and T-Mobile have also filed lawsuits against companies that own Web sites selling customer information. T-Mobile and Cingular have each won temporary restraining orders against First Source Information Specialists.

The recent lawsuits have prompted U.S. lawmakers, state attorneys general and the Federal Communications Commission to look more closely at the collection of consumer data.

The House Committee on Energy and Commerce scheduled a hearing on the issue for Wednesday, and the Senate Commerce Committee plans to hold a hearing on Feb. 8, the panels announced Friday. Lawmakers on both committees are drafting legislation.

Lawmakers in the U.S. House of Representatives and the U.S. Senate have proposed new legislation to criminalize the activity of fraudulently obtaining customer information.

[willv]

Who owns your phone number?

Now that they have made it the law that you can take your cellphone number with you to another provider, I say the consumer should own their number(s) until they give their number up by canceling or non payment to their cell phone provider. It is getting to dang easy for people to get your personal data and use it agenst you (identiy theft is just a drop in the bucket!)

(turning rant off now)

Will

[Razzl]

What about internal security?

Okay, I have no problem with Sprint suing some of the bad guys, but the real cure to this problem, the thing that would have prevented it all in the first place, is for these companies to have sensible internal security procedures in place to begin with. Why would anyone need their cellphone records so badly that they can't wait to go online for a couple of minutes to fill out a form with discrete security questions that the harvesters can't hack easily, like they do with credit cards? And why would customer service reps. give out such information on the phone without similar security checks? This lawsuit looks like smokescreen from a company that doesn't want to be bothered to fix the real problem...

[freq]

popostrus!!! the telcos should be sued!

if the telcos want to sue, the should sue the government!!!!

sue everybody!

[Joe Blow]

Fraud is Fraud ...

and I find it curious how it can be "legal" to obtain what is clearly sensitive personal data and resell it (what the purveyors of this data claim). From what Sprint, et al, are saying, it appears that people who have access to this data are selling it out the back door. On the other hand, the telcos may just be jealous that someone else figured out how to make money from this data before they did, or they managed to establish a "blind eye" way to sell the data without the public relations hassle. I wouldn't be surprised to find out that people in telcos have some financial interest in the data brokers, which are obviously high-speed/low-drag shell operations, with their major costs of operations being the price of a domain name and web servers capable of taking and filling orders for data via credit card. Whether they're telco executives and/or people with direct access to the data (dbadmins, sysadmins, netadmins, computer security people, etc.), hopefully they weren't smart enough to know how to hide their tracks by disabling/modifying security logging, sneaking copies of backup storage media out of facilities, etc. I doubt that it was done via duping customer service people, as it would take minutes to obtain the info on a single call, and these perps allegedly have access to pretty much any record of any cell phone call anyone has made.

In any case, who knows how much data is already out of the barn, and how long it's going to take just to find out where it all is, much less how to reprotect it, if even possible. I think I see a business opportunity in phone call forwarding proxies, similar to the old Web surfing proxies that allowed you to hide where you surfed, or the e-mail proxies that concealed where e-mail was actually sent from (all of which died in the wake of 9/11 and the subsequent taps the FBI and NSA mandated the ISPs and telcos install to allow for instantaneous tracking of Net traffic and phone calls).

All the Best, and I Know Who You Called Last Summer! ;)

Joe Blow