PIs Selling Phone Records Sued By The FTC 79
carl writes "According to an MSNBC article, the FTC has sued five different background investigation firms for selling confidential phone records." From the article: "In the lawsuits announced Wednesday, the FTC charged the companies used 'false pretenses, fraudulent statements, fraudulent or stolen documents or other misrepresentations, including posing as a customer of a telecommunications carrier' to get the phone records. The companies advertised on their Web sites that they could get the confidential phone records of any individual and make them available for a fee, the agency said."
PLS... (Score:0, Insightful)
Don't forget (Score:5, Insightful)
(Emphasis mine)
So when is the FTC going to charge carriers with improperly handling private information? I hope they don't forget to nail the carriers to the wall for handing out this information in the first place. If they wouldn't just give the information away to every Tom, Dick, and Harry that called without verifiying they are who they say they are, there wouldn't be as much of a problem would there? Some simple ways to avoid giving the information to the wrong person might include calling them back on their cellphone or sending the information to the address that gets the bills. Selling this information is wrong, but the carriers are just as culpable for giving it out without proper verification.
Re:PLS... (Score:1, Insightful)
Never mind me...
And another thing... Why do I have to wait for over 5 minutes between posting anonymous replies? I realize it's flood protection, but 2 replies within 5 minutes would hardly make a flood. Something more reasonable, like a minute or two would be better.
Re:PLS... (Score:2, Insightful)
Re:SBC gives this stuff out for free (Score:3, Insightful)
Re:You can't really secure against social engineer (Score:5, Insightful)
Why not? When you establish service with a company, they should require you to provide them with a security question and answer of your choosing, and not simply ask you to select a common one from a list. Then when someone calls to access information from your account, they simply read back the question to you, and wait for the answer. If it matches, fine, they can presume it's you. If you don't know the answer, then they don't give out any information. If you've forgotten, they can mail it to the billing address on record (or email it to the address on record) and you can call them back later. Why wouldn't that work?