A record $10 million fine against two telecoms is the regulator's first data security case.
The FCC and chairman Tom Wheeler say two companies combed through, then failed to properly secure customers' sensitive information.
The Federal Communications Commission entered the data security business Friday with a bang, charging a record $10 million fine against two telecommunicatons companies whose neglect put up to 300,000 customers at risk of identity theft.
The companies, YourTel America and TerraCom Inc., each combed the data of up to 300,000 customers to determine who was eligible for Lifeline, the FCC’s low-income discount phone program. The federal assistance program has also gained the nickname “Obamaphone,” even though it was created in 1985 under President Ronald Reagan.
The planned fine for the two companies, which are related to each other, is the commission’s first data security case and its largest privacy violation action ever.
The data the companies accessed between September 2012 and April 2013 included sensitive information like Social Security numbers, addresses, names and driver’s license information. The telecoms failed to encryption to secure the data online, as a result, anyone could have accessed it without having to enter a password.
Although the companies discovered the security gap, they didn't alert the customers whose information had been exposed, said FCC Enforcement Bureau Chief Travis LeBlanc in a conference call with reporters on Friday. By failing to do so, LeBlanc said, both companies “breached the privacy and trust of their consumers,” as their privacy policies guaranteed that cybersecurity measures would protect sensitive data.
Lax security practices are the greatest factor in identity theft, the fastest growing crime in the U.S., LeBlanc said, adding that this will be the first of many data security investigations by the FCC.
“Today’s action serves as a warning to other carriers,” he said. “The Commission has sent a clear signal. We will not tolerate conduct that puts American consumers at risk of financial fraud and identity theft.”
Because of data breaches at companies like Target and JPMorgan approximately half of U.S. adults had their information stolen, but less than half of U.S. companies have taken enough precautions to protect consumer data, according to PricewaterhouseCoopers’ 2014 U.S. State of Cybercrime Survey.
This move into data security by the regulator shows the Obama administration may be adding more enforcement responsibilities for government, considering also the $105 million fine against AT&T forunfair billing, which the Federal Trade Commission cited as part of a growing partnership on customer rights enforcement with the FCC.
By Tom Risen
No comments:
Post a Comment