Scripps News Says It Uncovered Unsecured Lifeline Personal DataPart of investigative series on data security; targets of investigation say Scripps was the one breaching security 5/20/2013 01:08:15 PM Eastern
Scripps News, which serves the company's broadcast,
newspaper and online properties, Monday began publishing stories on what it
says it has uncovered data security lapses affecting thousands of customers
whose data was collected by companies participating in the government's
Lifeline phone subsidy program. The FCC is testing an expansion of that program
to broadband subsidies.
According to the news service, its Privacy on the Line
investigation turned up 170,000 records containing personal data -- Social Security
numbers, financial account information -- widely available online from two
companies participating in the program.
Scripps says that lawyers for the two companies, TerraCom
and YourTel, counter that Scripps accessed the records illegally. Scripps denies
the charge. YourTel
and TerraCom have posted
virtually identical notices on their respective websites saying their data was
breached by Scripps and "possibly by other unauthorized persons,"
although they say that "there appears to be no evidence to indicate that a
malicious attack occurred on our computer systems, nor does it appear that any
applicant has been injured as a result of the unauthorized accessing of
personal data files by the news organization or any others."
"Contrary to the claims by Scripps Howard that this information was all ‘publicly posted data online' and tens of thousands of Lifeline applicants' personal data was available through ‘simple Internet searches,' a digital forensics investigation by TerraCom has revealed that the news service used sophisticated computer techniques and non-public information to view and download the personal information of applicants," said Dale Schmick, Chief Operating Officer of TerraCom, in a statement. "This is a very serious matter and, upon learning of the Scripps Howard breach, we immediately implemented security measures to prevent any future unauthorized access to applicant files by any means. Subsequent attempts by the news service to access applicant personal files have been blocked by TerraCom's enhanced security measures."
A Scripps spokesperson said that the news service had offered to demonstrate to TerraCom officials how it found teh records, but the company had declined interview requests and to provide any evidence of its charge that Scripps had accessed any non-public info.
There are federal regulations on securing and limits on
retention of that customer data, Scripps pointed out.
According to the news service, government officials in two states are investigating the "dubious" data collection practices. An FCC spokesman had no comment on whether it, too, was looking into the matter, but did say: "While we don't generally confirm or deny the existence of a specific investigation, we are aware of this incident.
FCC and Congress
are in the process of trying to reform the Lifeline program to prevent waste,
fraud and abuse as the government considers expanding/transitioning that
program to broadband as it is doing with other phone subsidies.