The Federal Trade Commission has put a permanent halt to an operation that allegedly obtained consumers' confidential phone records without their knowledge or consent, and then sold them to third parties, according to a statement by the FTC.
In addition, a U.S. judge ordered the company, Action Research Group and others connected with the company, to give up over $600,000 in profits made.
This is the latest in a series of FTC cases targeting telephone pretexters – individuals who use false pretenses to obtain consumers' confidential information.
According to an official FTC statement, the agency alleged that since at least 2005, Action Research Group, and its principals, Joseph and Matthew DePantes, sold confidential customer phone records, including lists of calls made and the dates, times, and duration of the calls, to third parties, without the knowledge or consent of the customers.
To get the records, these defendants relied upon the other defendants, Eye in the Sky Investigations, Cassandra Selvage and Bryan Wagner, who obtained them from phone companies through “pretexting.” Selling the records constitutes an invasion of privacy that could endanger the health and safety of consumers, the agency alleged.
Action Research Group and the other defendants were also involved in the Hewlett-Packard spy scandal in 2007. HP officials authorized the use of private investigators to trace boardroom leaks to the media.
The FTC filed a lawsuit against Action Research Group in February 2007. The civil suit covered, but was not exclusive, the HP scandal.
“The invasion of privacy and security from the unauthorized access to and sale of confidential customer phone records causes or is likely to cause substantial harm to consumers and the public, including, but not limited to, loss of privacy and endangering the health and safety of consumers,” the FTC said in its complaint.
According to the FTC statement, the settlement and default judgments permanently bar the defendants from obtaining, marketing or selling customer phone records or consumers' personal information derived from those records. They also bar the defendants from pretexting or using others to pretext to obtain consumers' information.
Emma McCulloch, a spokeswoman for HP, said the company had no comment.
One campaign posed as an HR department mandating vaccine information, another leveraged an XSS flaw to disguise a malicious download, and a third leveraged Verizon's Vzwpix service to mass-distribute emails.