AT&T Files Suit Against ‘Data Brokers’

AT&T Services Inc. filed suit Wednesday in federal court to block more than two dozen alleged data brokers from getting hold of customer information without authorization.

The suit accused 25 “John Doe” defendants of using fraudulent means to gain access to AT&T’s business records, including calling-record data and other information on customers.

AT&T spokesman Walt Sharp told Direct Newsline that AT&T does not even know the full names of the defendants at this point, only their e-mail and Internet Protocol addresses.

“The purpose of this suit was to get an injunction against these data brokers,” he said.

Although they accessed AT&T’s computers, the defendants did not get access to Social Security numbers, driver’s license numbers or other personal financial, credit or identity information, according to AT&T.

An AT&T internal investigation identified about 2,500 customers as possible victims of the so-called data brokers. These customers have been notified and access to their online accounts frozen for their protection, said AT&T chief privacy officer Priscilla Hill-Ardoin in a statement.

“We intend to vigorously pursue these individuals who, through fraud, have attempted to obtain unauthorized access to customer information,” she added.

AT&T accused the defendants of posing as customers to gain confidential information, in a process known as pretexting. They also utilized an AT&T Interactive Voice Response system and “employed a form of caller ID ‘spoofing’ technology to make it appear the call was originating from the telephone number associated with the customer’s account,” the complaint stated.

The perpetrators allegedly set up unauthorized online accounts by supplying private customer-identifying information. This data included the last four digits of the person’s Social Security number and his or her customer code, according to the complaint.

However, “AT&T does not know how the defendants obtained the personal information necessary to establish these online customer accounts,” the complaint continued.

AT&T was able to identify the IP addresses used by several John Doe defendants. But it added that “only the defendants’ Internet service providers can identify the subscribers that correspond to the IP addresses.”

The IP addresses listed in the complaint include: [email protected], [email protected], [email protected], [email protected] and [email protected].

AT&T said that it had spend over $5,000 to investigate the actions of each defendant.

Sharp said AT&T has not yet determined the amount of damages it will seek. But the firm wants to the defendants to return any AT&T business information they have, and be blocked from using or distributing it.

The suit is on file with the San Antonio Division of the U.S. District Court for the Western District of Texas.