Sprint fails to appreciate the real issue
John Aravosis raised awareness that, for a fee of $89.95, celltolls.com (and other websites) will send you a list of the last 100 calls made by any cell phone.
This morning I spoke with a representative of the Sprint Security Department. But let's back up.
A few weeks ago when I heard about situation, I called the Sprint Customer Service. They assured me that it is not possible that somebody could get access to my call records. I had them note in my record that I would request the call records for my own phone number, and that they assured me that celltolls.com would fail to provide me with the data and, therefore, not charge me.
The next day, celltolls.com sent me a list of the last 100 calls I had made.
At that point, Sprint issued a press release confirming there was a problem. The release told people to make sure to add PINs to their accounts, implying that the records were being released due to poor security at Sprint Customer Service.
Interestingly, I have had a PIN on my account for the last 5 years. Whenever I call Sprint, they ask for "your PIN or the last 4 digits of your SSN". I have told them over and over again that I do not want anybody accessing my account using the SSN. They have noted my record many times, but apparently they are unable to abide by my wishes.
Thus, Sprint is incapable of implementing their own suggested fix (work around) for the security problem.
I called Sprint back, and they put me in touch with a representative in their Security Department. After two weeks of phone tag, he assured me that Sprint was taking all possible steps with the courts and the legislature to make sure to solve the problem. He said that the law has no teeth in it. I replied that my account at Merrill Lynch is better protected, but not because the laws protect that account better! It's not the laws that keep (for example) Eastern bloc criminals from emptying my Merill Lynch account; it's that Merrill Lynch has competent security policies in place. He agreed.
I suggested that Sprint won't regain any measure of credibility by telling people that Sprint is working to have the laws fixed. Instead, they need to change their message, owning up to the fact that it's a technical problem (they have a security breach), and that they must address it as such. He said that he isn't in a position to talk about technical problems or solutions.
He said that he will arrange for $89.95 to be credited to me. As well, he said that he would arrange to waive my termination fee if I choose to break my contract.
This morning I spoke with a representative of the Sprint Security Department. But let's back up.
A few weeks ago when I heard about situation, I called the Sprint Customer Service. They assured me that it is not possible that somebody could get access to my call records. I had them note in my record that I would request the call records for my own phone number, and that they assured me that celltolls.com would fail to provide me with the data and, therefore, not charge me.
The next day, celltolls.com sent me a list of the last 100 calls I had made.
At that point, Sprint issued a press release confirming there was a problem. The release told people to make sure to add PINs to their accounts, implying that the records were being released due to poor security at Sprint Customer Service.
Interestingly, I have had a PIN on my account for the last 5 years. Whenever I call Sprint, they ask for "your PIN or the last 4 digits of your SSN". I have told them over and over again that I do not want anybody accessing my account using the SSN. They have noted my record many times, but apparently they are unable to abide by my wishes.
Thus, Sprint is incapable of implementing their own suggested fix (work around) for the security problem.
I called Sprint back, and they put me in touch with a representative in their Security Department. After two weeks of phone tag, he assured me that Sprint was taking all possible steps with the courts and the legislature to make sure to solve the problem. He said that the law has no teeth in it. I replied that my account at Merrill Lynch is better protected, but not because the laws protect that account better! It's not the laws that keep (for example) Eastern bloc criminals from emptying my Merill Lynch account; it's that Merrill Lynch has competent security policies in place. He agreed.
I suggested that Sprint won't regain any measure of credibility by telling people that Sprint is working to have the laws fixed. Instead, they need to change their message, owning up to the fact that it's a technical problem (they have a security breach), and that they must address it as such. He said that he isn't in a position to talk about technical problems or solutions.
He said that he will arrange for $89.95 to be credited to me. As well, he said that he would arrange to waive my termination fee if I choose to break my contract.
posted by Tim at 6:41 PM
0 comments
