“Verizon royally fucked up,” Poppy told me in a phone call. “There’s no way around it.” Verizon, she added, was “100% at fault.”
Verizon handed Poppy’s personal data, including the address on file and phone logs, to a stalker who later directly threatened her and drove to an address armed with a knife. Police then arrested the suspect, Robert Michael Glauner, who is charged with fraud and stalking offenses, but not before he harassed Poppy, her family, friends, workplace, and daughter’s therapist, Poppy added. 404 Media has changed Poppy’s name to protect her identity.
Glauner’s alleged scheme was not sophisticated in the slightest: he used a ProtonMail account, not a government email, to make the request, and used the name of a police officer that didn’t actually work for the police department he impersonated, according to court records. Despite those red flags, Verizon still provided the sensitive data to Glauner.
Remarkably, in a text message to Poppy sent during the fallout of the data transfer, a Verizon representative told Poppy that the corporation was a victim too. “Whoever this is also victimized us,” the Verizon representative wrote, according to a copy of the message Poppy shared with 404 Media. “We are taking every step possible to work with the police so they can identify them.”
In the interview with 404 Media, Poppy pointed out that Verizon is a multi-billion dollar company and yet still made this mistake. “They need to get their shit together,” she said.
Poppy’s story highlights the very real human cost of a massive failure on Verizon’s part. More broadly, it highlights the increasing problem of criminals filing fraudulent emergency data requests (EDRs) with tech companies and telecoms as a way to trick them into handing over their targets’ data. Other criminals who discuss the practice are often part of wider criminal groups that rob, shoot, and attack one another and outside victims, according to Telegram messages reviewed by 404 Media. Senators have written to tech companies for information on the problem of fake EDRs, and one company has emerged which attempts to mitigate the problem by vetting requests from police departments. And yet, the issue remains.
“This has completely changed my life, for the rest of my life,” Poppy said, adding that the incident has amplified her PTSD and anxiety from previous trauma.
404 Media and Court Watch first reported the news of Poppy’s case earlier this month. It started when Poppy and Glauner met on xHamster around August or September. Eventually Poppy cut contact with Glauner. That’s when he allegedly escalated.