I had a spooky experience with AT&T wireless yesterday. I’m in Berlin, with my cute new tri-band phone, designed to allow me to roam all over the world. While the phone roamed just great, I discovered that I was only able to call US numbers – calling my Hungarian or Danish colleagues here in Berlin got me a “number restricted error”.
So I ended up calling the AT&T help line to have them enable international calling (which I’d asked to be enabled when I bought the phone.) AT&T, understandably, wanted to authenticate me before allowing my phone to make some expensive calls. I expected to be asked for my social security number and billing address – and was. But then the nice phone support guy said something very interesting:
“Mr. Zuckerman, I’m about to ask you four questions. These should be questions to which only you have the answers.”
He proceeded on: “In which of the following counties have you owned real estate?” and then listed five counties around the country, including the county in which I own my house. The next two questions offered the “address” line of two of my previous mailing addresses – one of them over a decade old – and asked me to provide the city and state. And the final question listed six people’s names and asked me which ones I had a relationship with – the two listed were my parents.
I suspect this exercise was designed a) to help eliminate a particular type of fraud and b) to reassure me that AT&T wouldn’t do anything without my consent. The result was a different one – I found the experience deeply disturbing. My guess is that all the data AT&T was obtained was dug up when running a credit check on my account, which they do on all new subscribers. But it’s pretty disconcerting to see how much personal information a large corporation – or an ambitious private individual – can put together with a little motivation…