FCC slaps $10 million fine on 2 carriers for negligently posting sensitive data of users online

The Federal Communications Commission (FCC) has ordered two regional mobile carriers to pay millions of dollars in fines for inadvertently posting the private information of hundreds of thousands of customers online.

Oklahoma City-based TerraCom and its affiliate YourTel America are set to pay up to $10 million in fines for failing to protect sensitive user information of more than 305,000 customers.

The FCC says both carriers are part of the Universal Service Fund's Lifeline, a government program that subsidized mobile phone services to low-income families. To confirm eligibility, the carriers had to ask customers for information such as their Social Security numbers, home addresses, phone numbers, date of birth and other personal data of sensitive nature.

Howard Scripps News first reported the breach when it was researching companies involved in Lifeline and accidentally chanced upon a document that contained a TerraCom application posted on the website of a call center in India working under a partnership with both carriers.

After a few more Google searches, Scripps discovered several other applications containing customers' sensitive information. Eventually, the news outlet discovered more than 300,000 documents were posted online without a firewall, encryption or even a password for protection.

TerraCom chief operating officer Dale Schmick says the company is fully cooperating with the FCC and "welcomes the opportunity to correct the record with regard to our security processes." Schmick also says that both carriers have upgraded their security measures since the incident was first reported last year, but accuses Howard Scripps of violating anti-hacking laws for "breaching" the carriers' systems.

However, the FCC says the companies still failed to notify their customers that their information were posted online, depriving them of the "opportunity to take steps to protect their personal information."

"Consumers trust when phone companies ask for their Social Security number, driver's license and other personal information, these companies will not put that information on the Internet or otherwise expose it to the world," says Travis LeBlanc, chief of the FCC's Enforcement Bureau. "When carriers break that trust, the Commission will take action to ensure that they are held accountable for unjust and unreasonable data security practices."

This is the biggest privacy case the FCC has handled to date. Last month, Verizon agreed to pay a $7.4 million settlement with the FCC over the mobile carrier's unlawful practice of marketing to more than two million subscribers without their consent.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics