Phone companies YourTel America and TerraCom have agreed to pay $3.5 million to resolve an FCC investigation into allegations that they stored customer personal information on unprotected servers.
The spotty practice resulted in a data breach which allowed virtually anyone with a search engine to access Social Security numbers, drivers licenses and other sensitive information the companies had collected from over 300,000 consumers.
The settlement also resolves the FCC's investigation for YourTel for allegedly failing to remove ineligible Lifeline subscribers after the FCC told it to, resulting in unwarranted payments from the federal subsidy program.
The personal information had been collected to establish eligibility for the lifeline program, a phone subsidy for low-income Americans that is being migrated to a broadband subsidy.
The FCC is currently deciding how to enforce its new authority over broadband providers' protection of customer information, power it gained through the Title II reclassification of ISPs.
“Consumers rightly expect that companies will take every reasonable precaution to protect their personal information,” said Travis LeBlanc, chief of the FCC’s Enforcement Bureau. “It is a breach of customer trust for a company to promise to protect personal information while failing to take reasonable measures to protect sensitive customer information from unauthorized access by anyone with a search engine."
In addition to paying the money, the companies have pledged to boost privacy and data security, including a risk assessment and strict oversight of vendors, and provide free credit monitoring services for any affected individuals.