The Federal Communications Commission leapt into data security litigation Friday, levying a $10 million fine against two telecom companies that allegedly stored personally identifiable customer data online without firewalls, encryption or password protection.
The two companies, YourTel America and TerraCom, share the same owners and management. From September 2012 to April 2013, the FCC said, the companies collected information online from applicants to Lifeline, the government’s telephone subsidy program for poor Americans. To prove their eligibility, potential customers are asked for personal information, including Social Security numbers, dates of birth, addresses, names and drivers’ license numbers.
Rather than store this data securely or destroy it after they were done proving eligibility, according to the FCC, the companies kept the information on publicly accessible Internet servers. When reporters for the Scripps Howard News Service stumbled on the data with a simple Google search, they reported on the lax security and notified the FCC. As many as 300,000 customers may have been affected by the unsecured data, the FCC said. […]
It’s no surprise the FCC is growing increasingly interested in privacy cases. The year has been marked by a series of high-profile data breaches, indicating both a real danger to consumers, as well as an opportunity for regulators.