Two sister mobile and telecom service providers will pay a combined US$3.5 million after the U.S. Federal Communications Commission found that they were storing customers' personal data on unprotected servers accessible over the Internet.
TerraCom and YourTel America failed to adequately protect the personal information of more than 300,000 customers, the FCC said. The settlement stems from a 2013 incident when an investigative reporter found customer records from the companies' low-income Lifeline programs online, the agency said in an October 2014 proposal to fine the companies.
In March and April 2013, the reporter was able to access more than 128,000 confidential records and documents submitted by subscribers and applicants for Lifeline service, a program that provides telecom subsidies to low-income U.S. residents.
The customer information available online included names, addresses, Social Security numbers and driver's licenses, the FCC said in a press release. After the reporter contacted the companies, they reported his investigation to the FCC as a data breach.
"Consumers rightly expect that companies will take every reasonable precaution to protect their personal information," Travis LeBlanc, chief of the FCC's Enforcement Bureau, said in a statement. "It is a breach of customer trust for a company to promise to protect personal information while failing to take reasonable measures to protect sensitive customer information from unauthorized access by anyone with a search engine."
Neither company immediately returned a message seeking comment on the settlement.
The settlement ensures that the companies take "concrete steps" to improve security, LeBlanc added.
In addition to the $35 million civil penalty, the settlement requires the companies to notify all customers whose information was subject to unauthorized access and provide complimentary credit monitoring services. The companies have also agreed to take several steps to improve their security practices.
The settlement also resolves an FCC investigation into YourTel's failure remove Lifeline subscribers from the program in a timely manner. After the FCC told YourTel in 2012 to remove ineligible customers from the program, the company continued to provide the subsidized service into 2013, the agency said. As a result, the company overbilled the Lifeline program, the FCC said.
TerraCom, based in Oklahoma City, offers mobile Lifeline service in 14 states. YourTel, based in Kansas City, Missouri, provides mobile Lifeline service in eight states and wireline Lifeline service in three.
Sign up for Computerworld eNewsletters.