The FCC as data security cop: $10 million fine for carriers’ security breaches

FCC says TerraCom and its affiliate YourTel stored Social Security numbers, names, addresses in the open

The FCC took a big stand today saying it will fine TerraCom and YourTel America $10 million because the agency said both carriers violated the privacy of phone customers’ personal information. The action is the agency’s first data security case and the largest privacy enforcement in the Commission’s history.

+More on Network World: +

The FCC said TerraCom and its affiliate YourTel stored Social Security numbers, names, addresses, driver’s licenses, and other sensitive information belonging to their customers on unprotected Internet servers that anyone in the world could access.

In their privacy policies, the FCC said two companies stated that they had in place “technology and security features to safeguard the privacy of your customer specific information from unauthorized access or improper use.” Yet, from September 2012 through April 2013, the sensitive documents they collected from consumers were apparently stored in a format accessible via the Internet and readable by anyone.

Even after the companies learned of this security breach, they allegedly failed to notify all potentially affected consumers, depriving them of any opportunity to take steps to protect their personal information from misuse by Internet thieves, the FCC stated.

 The personal information was gathered to demonstrate eligibility for the Universal Service Fund’s Lifeline program, which offers discounted phone services for low-income consumers.

“Consumers trust that when phone companies ask for their Social Security number, driver’s license, and other personal information, these companies will not put that information on the Internet or otherwise expose it to the world,” said Travis LeBlanc, Chief of the FCC’s Enforcement Bureau in a statement. “When carriers break that trust, the Commission will take action to ensure that they are held accountable for unjust and unreasonable data security practices.”

Check out these other hot stories:

Hacker group leader gets 24 months in federal prison for attacking US Navy, 50 other institutions

Ebola crisis brings out another sickness: Vile scammers

FTC gets $10M from massive text spam, robocalling schemers

The oil used to fry your eggroll for lunch might fly you to the coast in the afternoon

US Justice Dept. focuses new squad on cybercrime combat

Carnegie Mellon: Bigger may not be better with battery makers

Air Force’s super-secret space drone comes home

How do I know you’re lying? My “Star Wars” algorithm told me

Gartner: The drone in the corner office

Gartner: Top 10 Technology Trends for 2015 IT can’t ignore

Gartner: IT careers – what’s hot?


Copyright © 2014 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022