PLA Forums

Other Stuff That Has Little To Do With PLA => Techinical Shit => Phreaking, Hacking, Social Engineering, Lock Picking => Topic started by: rbcp on April 28, 2011, 06:55:29 AM

Title: Is it illegal to trick Walgreens out of customer names and addresses?
Post by: rbcp on April 28, 2011, 06:55:29 AM

This week on TPS, we spent about 4 hours calling up Walgreens photo department and tricking the photo department employees out of customer names and phone numbers so we could make hilarious prank calls to them (http://www.phonelosers.org/media/pictures_pastor_is_fucked.mp3).  At some point this week I'll have to edit the files for this episode and I'm wondering if I should worry about the legalities.  Is stealing names and phone numbers a horrible breach of some privacy act that will link me to terrorism and/or the murder of a child beauty queen?

I know if we were getting customer data from the Walgreens pharmacy, that would probably violate the  HIPA Act (http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act), but we were sticking only to the photo department.  Anyone know if I'm violating anything other than basic telephone harassment laws?

Title: Re: Is it illegal to trick Walgreens out of customer names and addresses?
Post by: rasterdragon on April 28, 2011, 07:08:04 AM

i did a quick check. it's not technically illegal. but again, US law is about 18 years behind hacking/phreaking. the closest i found is 1999's Gramm-Leach-Bliley act , which is mostly about pretexting banking records, and the US federal trade comission act, which mereley address it in terms of gaining information in terms of unfair competition. and of course HIPAA, which is bound solely to medical details.

Title: Re: Is it illegal to trick Walgreens out of customer names and addresses?
Post by: rth on April 28, 2011, 08:25:18 AM

http://www.wisegeek.com/what-is-pretexting.htm

Title: Re: Is it illegal to trick Walgreens out of customer names and addresses?
Post by: markov on April 28, 2011, 11:40:08 AM

I don't know about your side of this scenario, but I work at a call center and we're told its illegal for us to give out any client information to anyone that calls, unless the caller can provide fairly strict verifications. At some point they even gave us the name of some fairly new legal act that made it illegal to do so, but I can't remember what it was(this was a few years ago).

Of course, that's from the business side, and just because we're told that doesn't mean its true..

So it may be illegal for Walgreens to be giving you this information, in which case Walgreens should be the concerned party- but I also don't see Walgreens making a big deal about it because they wouldn't want the publicity