IE 11 is not supported. For an optimal experience visit our site on another browser.

Snooping phone records is widely done

Pretexting is common practice for collection agencies, banks, lawyers
/ Source: The Associated Press

Although the boardroom scandal at Hewlett-Packard Co. made the practice more widely known, buying phone records or other personal information obtained by “pretext” calls appears to have been common in parts of the business world.

In a letter to the House Energy and Commerce committee, which was investigating the issue this year, data broker PDJ Investigative Services described its customers as “law offices, repossession companies, financial institutions, collection agencies, bail enforcement agencies, law enforcement agencies and various private investigation and research companies.”

“Those businesses have a common need. That need is to be able to locate individuals, who do not wish to be found,” another data broker, Universal Communications Co., wrote to the committee.

For example, banks sought to find debtors who defaulted on loan payments, and car finance companies traced people who stopped paying their auto loans and disappeared, Universal Communications said.

PDJ sold records of local and long-distance calls as well as non-published phone numbers and home addresses, according to an old price list submitted to the House committee.

In its letter, PDJ said it did not perform pretext calls itself, but paid independent vendors for the information, or searched public databases and the Internet.

Robert Douglas, a privacy consultant in Colorado who closely follows pretexting and other investigatory techniques, said such independent vendors use sophisticated methods to fool customer service representatives into giving out information.

However, the attention given to pretexting in the past two years — the HP scandal is just the latest in a series of revelations — has made data brokers restrict sales of certain kinds of information. Cell phone companies, one of the major targets of pretexters, also have fought back by launching lawsuits.

Public attention on the matter was kick-started in January, when the Chicago Sun-Times reported that the city’s police department was warning officers that lists of their cell phone calls were available for sale online.

PDJ told the House committee that it voluntarily stopped selling cell-phone records last year. Its current Web site lists no call record services. It still can determine phone numbers that correspond to a given name or address.

A call to PDJ, based in Granbury, Texas, was not returned Wednesday.

PDJ’s customer list, also provided to the House committee, included some well known names, including Bank One Corp., now part of JPMorgan Chase & Co. It paid PDJ $185,140, starting in April 2000, making it one of the broker’s largest clients.

JPMorgan spokesman Tom Kelly said the company does not talk about its vendors, but noted that Bank One had a large consumer lending business, including home equity and auto lending. “Sometimes people don’t pay right away,” Kelly said.

Another client was car insurance company Progressive Corp. According to an AP analysis of the customer list, it paid PDJ about $34,000.

Representatives of Progressive could not immediately comment on the company’s involvement.

Douglas said law firms, another major client category for the data brokers, use them to find witnesses and research alibis, as well as in business matters like noncompete investigations, where they need to determine if an employee has been talking to rivals.

Adam Yuzuk of New York testified at a House committee hearing in June about his personal experience of being targeted by phone-record snooping in a business dispute.

In June 2005, Yuzuk called Cingular Wireless with a billing question, and was told he could look up the same information online. He protested that he didn’t have an online account, but the customer service representative persisted. Online access had been set up to the account, which allowed the visitor to view Yuzuk’s calling records.

The e-mail address the visitor had provided led nowhere, so Yuzuk had no idea who had accessed the account.

At the time, Yuzuk was embroiled in a dispute with former business partners at Cipriani Accessories, a clothing accessories company. He filed suit against them last October, and in the process asked them for any documents on investigative activities concerning him.

That request paid off this April: His former partners turned out to have hired a researcher who obtained Yuzuk’s cell phone records for several months.

Yuzuk would not comment for this story, saying he has settled the suit against his partners and signed a nondisclosure agreement. But his example is illustrative: only because of a chance conversation with a customer service representative, and the fact that he was involved in a lawsuit, was he able to discover that he had been spied upon.