TORONTO – When Maclean’s magazine was able to buy the supposedly confidential phone records of Jennifer Stoddart, Canada’s Privacy Commissioner, and publish a cover story last week on what looks like a potentially scary security loophole, the big three wireless carriers – all of whom were mentioned in the article – sprang into action.
And, with each company counting on huge wireless growth in the Christmas season and throughout 2006 and 2007 (all companies saw record levels of subscriber growth in 2005) all moved quickly to try and repair the damage.
First out of the gate was Bell Canada. In the Maclean’s article (linked here) writer Jonathan Gatehouse was able to purchase – with a little effort and $200 – Stoddart’s home and cottage phone records, and deduce from that her cell phone number.
Once the writer had the number, the American company he used to track down the land line info, was then able – within hours – to produce Stoddart’s Telus Mobility phone records, too. The magazine, just to show it wasn’t protecting its corporate parent, also used the same formula to produce a co-worker’s Fido records. Both Fido and Maclean’s are owned by Rogers Communications.
Bell responded the day of publication, November 14th, with a prepared statement, which said, in part: “Bell wishes to assure its customers that protecting the privacy of customer information is a serious matter for the company. To this end, Bell has systems and procedures in place that are continually updated to better protect customer information,” said its release.
In this case, the information was obtained through subterfuge and misrepresentation. Bell, other telecommunications companies and the customers involved were victims of fraudulent and unethical activity. We sincerely regret any embarrassment or inconvenience that has occurred,” it said.
“As soon as the Company was made aware of this incident, it took additional steps to further tighten the safeguards in place to protect customer information. Unfortunately this may cause some inconvenience to customers legitimately requesting their personal information. We ask for their understanding as these procedures are for the protection of their private account information.”
Then, on Friday, each of Bell, Telus and Rogers received a letter from Gerry Lylyk, the CRTC’s director of consumer affairs, telecom branch, demanding that all three report – by November 28th – what they are doing about the problems outlined by Maclean’s.
Citing Bell’s statement that it has already moved on the file, the letter added: “The Commission requests that Telus Communications Inc. and Rogers Wireless Inc. to undertake a similar investigation. In addition, within 10 days from the date of this letter (Nov. 18), the Commission requests that Bell Canada, Telus and Rogers report to the Commission outlining the specific details as to what occurred and describing the safeguards that were in place within their respective companies at the time the alleged incidents took place (including safeguards against unauthorized electronic access, details as to how your company verifies and validates the identity of a party requesting confidential customer information, and the means by which confidential customer information is required).”
“Privacy is paramount and we understand that,” said Rogers Communications vice-president of communications Jan Innes when contacted by www.cartt.ca on Monday. “We feel fully confident that we are protecting our customers’ privacy.”
“I would like to point out that the article run in Maclean’s is the first case of its kind that we have investigated,” said Telus v-p corporate affairs Drew McArthur in an e-mail to cartt.ca on Monday. “It was a very targeted effort to gain information through fraudulent means, using social engineering and pretexting to make customer care representatives believe they were dealing with the actual customer.
“TELUS is conducting a full investigation and has implemented certain measures to prevent similar occurrences in the future. Obviously, due to security reasons, we will not divulge what measures we will be taking,” he concluded.
Not really the promotional campaign the wireless companies in Canada had in mind heading into the Christmas rush.
