Identity theft at work

A news story broke yesterday about shake-up of Hewlett-Packard’s (HP) board. What’s more disturbing is how a corporation hired consultants to essentially commit identity theft in order to obtain the phone records of board members suspected of releasing confidential information.

News.com report: FAQ: The HP ‘pretexting’ scandal

Excerpt:
What is pretexting and how is it done?
Pretexting involves posing as someone you are not to get information from a company. An individual will call up the phone company, or visit its Web site and attempt to bluff his or her way into obtaining confidential information by pretending to be a certain customer.

Is this illegal?
While there is no specific federal law prohibiting pretexting for telephone records, there are some general civil prohibitions that probably apply. When it comes to financial records, pretexting is clearly illegal.

[I suggest you read the entire story for more details.]

Apparently, these activities are not against the law.

How do you protect yourself against these kind of activities? Perhaps creating online access accounts for your financial institutions and utilities is a small step to slow down a thief. But if someone already has your address and social security number, the thief may still be able to use social engineering to get the info they want.

-Roland

Roland Reinhart is an interactive marketing professional who is concerned about how companies handle personally identifiable information. His observations can be found at Chaos365.com and AdMadMan.com.

©2006 Roland Reinhart. All Rights Reserved.