Ponemon: Pretexting common in business

Ponemon Institute chairman Larry Ponemon has come out in defense of Hewlett-Packard's (HP) use of "pretexting" to track confidential information leaks from the board stating Sarbanes-Oxley requirements are the root cause of the problem.

Ponemon defended HP's use of pretexting, claiming the burdens of Sarbanes-Oxley on the board mean they have to be "extremely diligent" about locating and finding leaks.

He said such investigative techniques are widespread.

Ponemon admits the company "really stuffed up" by failing to understand the tactics used by private investigators straddling the "unethical practice" of pretexting.

"Everyone believes pretexting has to be an identity fraud or identity crime and is therefore against the law, but in the US there are loopholes and it is not illegal for a private investigator to use pretexting as a tactic," Ponemon said.

"I have been talking to a few private investigators and information security experts, and pretexting is just one of the tools used regularly to find sources of confidential information breaches and Hewlett-Packard was just caught and they have the brand.