Two sister mobile telecom operators of US, named TerraCom and YourTel America are fined for US$3.5 million for storing personal data of subscribers on unprotected servers. The service providers were storing data of more than 300,000 customers, including their names, addresses, Social Security Numbers and Drivers’ licenses, and these were accessible over the internet.
The issue was first noticed by an investigative journalist in 2013, who found the operators’ subscriber data online. He could access more than 128,000 customer data online, including the documents submitted by the customers for Lifeline service, a telecom service in US that provides telecom subsidies to low-income subscribers. On contacting the company, the reporter was blamed for interfering in the matter as ‘data breach’. Later, the companies were sued for penalty.
U.S. Federal Communications Commission (FCC) Enforcement Bureau Chief Travis LeBlanc said that the companies have breached the trust of the subscribers. “Consumers rightly expect that companies will take every reasonable precaution to protect their personal information,” he said. “They failed to take reasonable measures to protect sensitive customer information from unauthorized access by anyone with a search engine,” he added.
In addition to the penalty of US$3.5 million, companies are directed to inform the subscribers whose data was subject to unauthorized access and provide complimentary credit monitoring services. The companies have also agreed to take security measures.