Lessons Learned: Issues Exposed in the Aftermath of the Hewlett-Packard Debacle

On Sept. 5, 2006, Newsweek published a story about Hewlett-Packard's Chairman Patricia Dunn's use of a private investigation firm to locate the source of leaks of confidential corporate information. As the story unfolded, the public learned the following: After confidential information appeared in news publications in 2005, certain officers and certain members of the board of directors of Hewlett-Packard ('HP') authorized the launch of two investigations, the first in 2005, and the next in 2006, to locate the source of the information leaks. The basis for the investigations was that the information leaked to the press was known only to board members. Certain officers and directors collectively comprised the 'HP investigation team' in the secret investigation of the leaks to the media. In devising its plan, the HP investigation team sought the assistance of a top investigator, Ron DeLia, head of Security OutSourcing Solutions, Inc. ('SOS'), with whom Hewlett-Packard previously had worked on unrelated matters. DeLia allegedly encouraged the HP investigation team to use pretexting or 'social engineering' to obtain private cell phone and phone records of certain targeted individuals, among other things.

Pretexting is the act of creating and using an invented scenario to obtain information from or about a target, usually over the telephone. It usually involves some prior research and the use of pieces of known information (eg, mother's maiden name, birthday, Social Security Number) to convince the target company that the individual seeking the information is, in fact, the legitimate owner of the information. Misrepresenting anything about oneself in order to improperly obtain another's information is, by definition, pretexting.