Georgia resident Ruth Johnson fell behind on her car payments, and was in turn stalked by debt collector John Edens, who got her location data from T-Mobile under false pretenses. Edens claimed to be a member of the state’s Fugitive Task Force, and created a website with a fake domain to back that up.
That was all the vetting T-Mobile needed to give him Johnson’s location, which he used to employ all sorts of terrifying tactics to get her debt taken care of and repossess the car. These tactics included showing up at her home and work at all hours, among other scares.
Her fears weren’t helped by the mysteriousness of the situation and her stalker. Johnson’s husband had been murdered not long ago under unknown circumstances, and she thought that the stalker may have had something to do with it. Johnson ended up moving her teenage daughter far away with family, and upending her whole life to leave her neighborhood. She also returned the car she was behind in payments for, leaving her without reliable transportation.
“You cost me my family”, she said of the Un-Carrier in the wake of the incident. To add insult to injury, Edens had a long history of stalking and domestic violence. In this particular case, he wound up getting a year behind bars for impersonating an officer.
The case was given its ending by debt collector Valerie McGilvrey, who spoke to Edens about his methods on recording, and later cooperated with Johnson.
T-Mobile, for its part, stated that the company does not share such data without analyzing the requests in-depth.
Additionally, it publishes information about its request process and the law enforcement and government agencies it works with, among other information, in an annual transparency report.
T-Mobile did not outright admit to dropping the ball, nor did it outright deny the allegations. Cases of fraud like this one are also supposed to be investigated by the company, something that likely didn’t happen in this case because, if all is as told by Johnson, T-Mobile had no clue it had been played by Edens. The company’s statement on the matter also dropped a vague mention of “additional safeguards” that can be employed as needed, pending results of an investigation such as this one.
At this point in the tale, Johnson has decided to sue T-Mobile for its alleged negligence and the suffering it caused her, and is in search of the legal means to do so. Her case, of course, hinges on Edens having told the truth of the matter in the candid recording submitted by McGilvrey.
If the company did indeed hand over Johnson’s location details, and perhaps other data, without properly vetting the requester, this may well be a precedent-setting case for the wireless world.
The idea that Edens could have obtained Johnson’s location data, or at least the addresses of her home and workplace, without help from T-Mobile is not entirely off the table.
In either case, cybersecurity expert Eva Galperin of the Electronic Frontier Foundation has gotten involved, which means that there is almost certainly a leak somewhere along the line that she will be looking to find and patch up.