Investigation Finds Telecom Companies Sold Sensitive Customer GPS Data

Investigation Finds Telecom Companies Sold Sensitive Customer GPS Data

An investigation by Motherboard has found that an estimated 250 bounty hunters and related businesses had access to customer location data from AT&T, T-Mobile and Sprint.

An investigation by Motherboard has found that an estimated 250 bounty hunters and related businesses had access to customer location data from AT&T, T-Mobile and Sprint.

Documents obtained by Motherboard show that telecommunications companies sold data intended for use by 911 operators and first responders to data aggregators, who then sold it to bounty hunters. In some cases, the GPS data was so accurate that a user could be tracked to specific locations inside a building.

According to Motherboard, between at least 2012 until it closed in late 2017, a now-defunct data seller called CerCareOne allowed bounty hunters, bail bondsmen and bail agents to access the real-time location of AT&T, T-Mobile and Sprint cell phones. A source familiar with the company told investigators that the company would sometimes charge up to $1,100 per phone location.

CerCareOne customers were able to access data including a phone’s “assisted GPS” –or A-GPS—data, a technology used by first responders to find 911 callers in emergency situations.

Blake Reid, associate clinical professor at Colorado Law, told Motherboard that “with assisted GPS, your location can be triangulated within just a few meters. This allows constructing a detailed record of everywhere you travel.”

“The only reason we grant carriers any access to this information is to make sure that first responders are able to locate us in an emergency,” Reid said. “If the carriers are turning around and using that access to sell information to bounty hunters or whomever else, it is a shocking abuse of the trust that the public places in them to safeguard privacy while protecting public safety.”

A Sprint spokesperson did not directly answer whether the company has ever sold A-GPS data, and AT&T did not respond to a request to clarify whether it has ever sold A-GPS data. A T-Mobile spokesperson told Motherboard “We don’t have anything further to add at this stage.”

A list of one customer’s use of the phone location service, obtained by Motherboard, goes on for about 450 pages, listing more than 18,000 individual phone location requests in just over a year.

“This scandal keeps getting worse. Carriers assured customers location tracking abuses were isolated incidents. Now it appears that hundreds of people could track our phones, and they were doing it for years before anyone at the wireless companies took action,” Oregon Senator Ron Wyden said after being presented with Motherboard’s findings. “That’s more than an oversight—that’s flagrant, willful disregard for the safety and security of Americans.”

Motherboard’s full investigation can be read here.

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

  • Elevate Your Business

    In today’s dynamic business environment, companies specializing in physical security are constantly evolving to remain competitive. One strategic shift these businesses can make to give them the advantage is a full or partial transition to a recurring revenue model, popularly called a subscription service. This approach will bring numerous benefits that not only enhance business stability but also improve customer relationships and drive innovation. Recurring monthly revenue (RMR) or recurring annual revenue (RAR) are two recurring cadence choices that work simply and effectively. Read Now

  • It Always Rains in Florida

    Over the years, and many trips to various cities, I have experienced some of the craziest memorable things. One thing I always count on when going to Orlando is a massive rainstorm after the tradeshow has concluded the first day. Count on it, it is going to rain Monday evening. Expect that it will be a gully washer. Read Now

    • Industry Events
  • Live from GSX 2024 Preview

    It’s hard to believe, but GSX 2024 is almost here. This year’s show runs from Monday, September 23 to Wednesday, September 25 at the Orange County Convention Center in Orlando, Fla. The Campus Security Today and Security Today staff will be on hand to provide live updates about the security industry’s latest innovations, trends, and products. Whether you’re attending the show or keeping tabs on it from afar, we’ve got you covered. Make sure to follow the Live from GSX page for photos, videos, interviews, product demonstrations, announcements, commentary, and more from the heart of the show floor! Read Now

    • Industry Events
  • Playing a Crucial Role

    Physical security technology plays a crucial role in detecting and preventing insider cybersecurity threats. While it might seem like a stretch to connect physical security with cyber threats, the two are closely intertwined. Here’s how physical security technology can be leveraged to address both external and internal threats. Read Now

Featured Cybersecurity

Webinars

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3