If I remember correctly this fraud was only done after they got acquired. The company's sales/marketing dept asked the newly acquired startup for a customer list to hit up, which is when the founder generated one after being asked repeatedly for it.
Which is when they were caught, emails bounced and they noticed the excel sheet rows matched the total limit in Excel.
So apparently the M&A team trusted the startup was successful when purchasing without seeing the customer list. Most startups get reputation through their press + fancy VC backers giving social credit + a good slide deck, which apparently was enough.
A startup would never give away their customer list to during due diligence. That would be insane. Many unscrupulous acquirers would take it, clone the product, and run.
Good point, another commenter above linked to the court records which explained she provided this during due-diligence:
> Javice agreed to provide in the template actual customer data for all fields except email and home street addresses; those she agreed to provide as a “unique ID” due to alleged privacy concerns.
So they did verify it but didn't catch it until the real list was sent.
I'm not sure what JPMorgan could have done before closing the deal realistically. At a point society only works if people tell some version of the truth. It's very hard to protect against blatant and shameless fraud beforehand.
Agreed, I don't think JPMorgan is much at fault here, besides maybe gambling on a fresh young company, but that's always risky for better or worse. Business is heavily built on relationships and reputation.
they hired a 3rd party to verify the leads and they basically checked that the row count was 4m and said yeah these look like contacts. if whoever was in contact with this vendor thought this was adequate, that's pretty bad judgment. how hard would it have been to validate a few records?
