Telus recently acknowledged a customer service agent leaked a Hamilton woman’s information, to her ex-boyfriend, who was stalking her at the time, reports CBC News. The woman’s real name remained confidential for the story to protect her identity, only referred to as “Ellie”.
A female associate of the ex-boyfriend called Telus, then posed as Ellie with just her address and email account. This allowed the imposter to gain personal information and also grant access to make changes to the account. The woman posing as Ellie made up a story to say she had “lost” her purse and needed access to her cellphone account.
The problem was the Telus employee, who granted access without requiring the imposter to provide Ellie’s PIN or cellphone number.
Ellie told CBC News, “Shouldn’t that be a massive red flag?” She also claims Telus agents didn’t take her story seriously only until she threatened legal action.
The breach resulted in her ex-boyfriend taunting her with harassing messages over the weekend, which led to her being assaulted and chased by a car. Police eventually caught and laid charges against the ex-boyfriend. Ellie had already obtained a restraining order against her ex and also changed her number on earlier in January. She realized someone had access to her account, after she couldn’t figure out how her ex got her new number.
“It causes such concern for me, and for other women,” said Ellie. “Telus assisted him in violating me. They were negligent. I just feel so victimized by them.”
Telus spokesman Richard Gilhooley responded to CBC News to admit their customer agent made a mistake, saying “Our policies and procedures are designed specifically to protect our customers from this type of social engineering, but they were not properly followed by our customer service agent in this case.”
The wireless company said this was a case of “human error”, as a “skilled imposter” was able to trick the Telus agent to disclose information without answering proper security questions. The agent in question, according to Telus, was “trying to be helpful” to Ellie and her “difficult situation.”
Normally, if security questions aren’t answered properly, customers are told to go to a Telus store with government ID to prove their identity, but “Regrettably, these procedures were not followed in this case,” said the company.
Telus says they will make sure Ellie is “taken care of” with compensation, but could not share specific details, as the investigation is still in its early stages.