Journalists Find Massive Data Security Lapse, Get Threats Instead of Thanks
A thank you might be in order if you find a massive leak of a company's sensitive customer records on the Internet and raise alarm so the problem can be fixed. But that's not how it always goes down, as a team of investigative reporters for the Scripps News Service recently found out the hard way.
In a recent report, the Scripps journalists say they found through a basic Google search a gaping security hole exposing more than 170,000 records related to customers of and applicants for Lifeline, the federal program for low-income Americans that offers a discounted phone service. The information, involving people from at least 26 states, included Social Security numbers, scans of passports, driver's licences, parole letters, food-stamp cards, tax records, home addresses, and financial accounts. Scripps reports that the records were widely available online this spring after being collected for two phone carriers participating in the program: Oklahoma City-based TerraCom Inc. and its affiliate, YourTel America Inc. A Scripps reporter first uncovered the records while searching for PDF files attached to the TerraCom website.
The data leak appears to have put hundreds of Lifeline customers at serious risk of identity theft and may constitute a violation of privacy and data protection laws. (Indiana's attorney general is already reportedly probing the breach, and the FCC has commented that a single privacy violation could cost a company as much as $1.5 million.) Scripps says it notified the companies of the security hole and within hours, (the records) no longer were publicly accessible. But instead of thanking the journalists for flagging up the issue, Jonathan Lee, legal counsel for TerraCom and YourTel, sent an angry and threatening letter to Scripps, referring to "Scripps hackers" and accusing the reporters of numerous violations of the Computer Fraud and Abuse Act. In one bizarre passage, Lee even claims that it is Scripps, not the companies responsible for the data leak in the first place, that should expect to pay any fines:
David Giles, Scripps deputy general counsel, responded to the accusation that the reporters hacked the information by calling on the companies to stop the name calling and the legal posturing and instead address the apparent careless security practices raised by the story. "Regardless of the flowery moniker you have used to characterize the bureau's newsgathering activities, the bureau's reporters have not violated the Computer Fraud and Abuse Act or any other law or regulation," Giles wrote in a letter sent to TerraCom and YourTel's lawyers earlier this month.
leveymg
(36,418 posts)
However, there may be others who might want a copy of those records to create a new you. This is a really serious breach.