FCC Fines ISPs Terracom, Yourtel $3.5 Million For Violating Consumer Privacy
The FCC is charging two smaller ISPs, sister companies Terracom and Yourtel, with a $3.5 million fine for violating consumer privacy and for over-billing of the federal Lifeline program.
It would probably be more accurate to say that these ISPs are responsible for carelessly storing consumer information more than violating the privacy of its consumers. According to the FCC, the two companies failed to keep the confidential personal information of over 300,000 consumers using their services.
The personal information, which includes names, addresses, social security numbers, driver's licenses, and other confidential data, was stored by the companies on an unprotected server, which was accessible over the Internet in a manner that allowed anyone with a search engine to access the information. Given the ease with which anyone could access the data, it isn't surprising that the companies' servers were breached and the data copied.
In addition to the data breach, the companies also were found to be taking advantage of the Lifeline program that provides affordable telephone service to those in need. The FCC has been responsible for regulating this program since its inception. Essentially, a company gives an eligible family the telephone service for a lower than average price, and the FCC afterwards reimburses the companies the difference.
The FCC had previously instructed the companies to remove Lifeline subscribers who were not eligible for the program. Specifically, some Lifeline subscribers were being claimed under both service providers, allowing them to draw reimbursement money from the FCC without actually providing any service.
"Consumers rightly expect that companies will take every reasonable precaution to protect their personal information," said Travis LeBlanc, Chief of the FCC's Enforcement Bureau. "It is a breach of customer trust for a company to promise to protect personal information while failing to take reasonable measures to protect sensitive customer information from unauthorized access by anyone with a search engine. This settlement ensures that these companies take concrete steps to improve their security practices and prevent breaches like this from happening again."
The FCC opted to charge the companies a joint $3.5 million in civil penalties for the privacy violation, and partially as a settlement for overcharging Lifeline. Both companies also committed to improving their security and privacy measures to avoid a similar breach from occurring in the future. They also are required to inform their users who had information stolen about the situation.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
One could argue that this is a wholly inadequate response from the FCC. ISPs, even small ones, are extremely profitable businesses. Large ISPs see billion dollar profits annually, while smaller ISPs often manage to make hundreds of millions. Compared to the damage done, this is little more than a slap on the wrist.
Not to mention, at this time nothing is being done to reimburse the customers harmed by this. Right now, many of them are likely still unaware their information has been stolen. Someone could be using their personal information to do any number of things. It is a major inconvenience that these customers have to change their phone number to avoid unwanted calls, but worrying about identity theft will be a major headache for these people.
At the end of the day, it seems like a weak response to a major problem that never should have happened.
Follow Michael Justin Allen Sexton @LordLao74. Follow us @tomshardware, on Facebook and on Google+.
-
hdmark I feel like if Comcast would have done this the FCC would have gone MUCH harder after themReply -
Weatherbee-A It was already fined 150 million because of it, and it scales to the number of peoples who's rights where violated by the company etc. also Comcast almost got a nearly 1.7 Trillion $ fine over traffic filtering etc: P2P, and torrent protocols among others but some how dodges the fine and was given a dateline to turn over data/reason why they did it. and if the deadline was missed they would be forced to stop filtering traffic.Reply -
hdmark 16222156 said:It was already fined 150 million because of it, and it scales to the number of peoples who's rights where violated by the company etc. also Comcast almost got a nearly 1.7 Trillion $ fine over traffic filtering etc: P2P, and torrent protocols among others but some how dodges the fine and was given a dateline to turn over data/reason why they did it. and if the deadline was missed they would be forced to stop filtering traffic.
Ahh ok I feel better now :D -
IInuyasha74 It was already fined 150 million because of it, and it scales to the number of peoples who's rights where violated by the company etc. also Comcast almost got a nearly 1.7 Trillion $ fine over traffic filtering etc: P2P, and torrent protocols among others but some how dodges the fine and was given a dateline to turn over data/reason why they did it. and if the deadline was missed they would be forced to stop filtering traffic.
Do you have a source on that info? I can't find any record showing that Terrcacom has been fined anything in the last several years.
The FCC does have a record stating that they were initially after $10 million from Terracom and Yourtel for allowing this breach to occur. This was posted in October, 2014. The companies seem to have negotiated down to $3.5 million however. It doesn't appear that any other fines or charges has been placed against Terracom or Yourtel for this data breach.
https://www.fcc.gov/document/fcc-plans-10m-fine-carriers-breached-consumer-privacy