The Federal Communications Commission (FCC) announced that it was issuing fines since “TerraCom and YourTel apparently stored Social Security numbers, names, addresses, driver’s licenses, and other sensitive information belonging to their customers on unprotected Internet servers that anyone in the world could access.” However, the FCC stated in “their privacy policies, the two companies stated that they had in place ‘technology and security features to safeguard the privacy of your customer specific information from unauthorized access or improper use.’”
On October 24, 2014 the FCC issued a press release that this was the FCC’s “first data security case and the largest privacy action” based violations “from September 2012 through April 2013” when the companies:
…allegedly breached the personal data of up to 305,000 consumers through their lax data security practices and exposed those consumers to identity theft and fraud.
Travis LeBlanc, Chief of the FCC’s Enforcement Bureau stated:
Consumers trust that when phone companies ask for their Social Security number, driver’s license, and other personal information, these companies will not put that information on the Internet or otherwise expose it to the world,..When carriers break that trust, the Commission will take action to ensure that they are held accountable for unjust and unreasonable data security practices.
The Washington Post reported that these privacy violation were detected:
When reporters for the Scripps Howard News Service stumbled on the data with a simple Google search, they reported on the lax security and notified the FCC
Company need to better protect customer data, and particularly when they promise to guard it from unauthorized access.