AT&T sues two over scheme to steal customer data

Share this article:
AT&T has accused two Utah men of carrying out a data mining scheme, using automatic dialing programs to harvest information from its customer database and costing the company more than $6.5 million.

In a complaint filed late last week in federal court in Dallas, AT&T and its subsidiaries named Phil Iverson and Chris Gose as the masterminds behind the fraud.

AT&T claims that over at least the past five years, the defendants used computerized auto-dialing programs to place hundreds of millions of phone calls to numbers they purchased from AT&T, according to the complaint.

The calls, however, were spoofed to make it appear like the calls were coming from other AT&T customer numbers, which tricked AT&T's systems into delivering caller ID name information stored in its customer database.

“By constantly adjusting and refining their data mining techniques, defendants have been able to launch a series of cyberattacks on and gain unauthorized access to AT&T's electronic [customer] database,” the complaint stated.

It also names a group of corporations as co-defendants, including Blue Skye, CCI Communications and Feature Films for Families.

Iverson and Goose directed or caused these companies to participate in the alleged fraudulent activities, AT&T contended. The masterminds purchased telecommunication services offered by the co-defendants to use as part of the scheme.

The defendants likely used the stolen caller ID data for telemarketing purposes, AT&T said in the complaint. The information has “considerable commercial value,” since matching name and number information for wireless subscribers is often not available in public directories.

AT&T added that it lost roughly $6.5 million from processing the millions of spoofed calls and caller ID searches, as well as from deploying technologies to detect and stop the activity. 

The telecom giant is seeking actual and punitive damages and asked the court to bar the defendants from conducting additional data mining fraud.

Neither Iverson nor Goose could be reached for comment.

Share this article:

Sign up to our newsletters

More in News

Report: SQL injection a pervasive threat, behavioral analysis needed

Report: SQL injection a pervasive threat, behavioral analysis ...

Long lag times between detection and resolution and reliance on traditional methods impair an organization's ability to combat SQL injection attacks.

WhatsApp bug allows for interception of shared locations

Researchers identified a vulnerability in WhatsApp that could enable an attacker to intercept shared locations using a man-in-the-middle attack, or a rogue access point.

Google tweaks its terms of service for clarity on Gmail scanning

The company is currently dealing with a lawsuit that challenges its email scanning practices.