Journalists at Scripps Howard News Service have discovered that lax security by two private companies allowed access to the sensitive personal information of roughly 170,000 low-income Americans with just a simple Internet search. The major security breach places the individuals, all of whom participated in a government program called Lifeline, at risk of identity theft. The companies have acknowledged that unknown individuals have already viewed the personal information of 343 victims.
It’s part of a rampant problem in the U.S., with 12.6 million Americans falling victim to some form of identity theft last year alone. Using personal data, cyber thieves were able to steal $21 billion from millions of victims.
Launched in 1985, the Lifeline program is run by the Federal Communications Commission. The program is designed to help low-income Americans afford basic telephone services, including cellular telephones.
The Commercial Appeal reports that the discount for eligible participants averages $9.25 per month, but depends on the state of residence and type of phone services. The program is funded primarily by American consumers, who pay $2.2 billion in annual costs. The average cell phone user contributes $2.73 in monthly surcharges.
The program has functioned with few major incidents until a recent investigation by Scripps Howard News Service found that hundreds of thousands participating in the program have been put at risk of identity theft after Oklahoma City-based TerraCom Inc. and its affiliate, YourTel America Inc. leaked sensitive information online.
For Linda Mendez, 51, of San Antonio, having assistance with her cell phone bill afforded her the opportunity to stay in touch with her husband, three children and 13 grandchildren. Scripps reporters showed Mendez a copy of the Lifeline application she’d completed for TerraCom, and she was shocked to hear that her personal data was now available on the Internet.
“How can they make it so easy like this for people to steal somebody’s identity?” Mendez said.
It’s a major problem that could harm an already vulnerable population.
“Your Social Security number is really the most important, sensitive piece of information about yourself that can be used by identity thieves to open accounts in your name, to pass themselves off as you,” said Isaac Wolf of Scripps Howard News Service during a recent National Public Radio interview.
The information has since been taken offline, but there are still questions left unanswered. TerraCom Inc. has yet to offer an explanation as to how the sensitive information was leaked in the first place, only offering an acknowledgement that the security breach happened.
“This is a very serious matter and, upon learning of the Scripps Howard breach, we immediately implemented security measures to prevent any future unauthorized access to applicant files by any means,” Dale Schmick, chief operating officer of TerraCom and YourTel America, told NPR.
Instead of thanking Scripps Howard for bringing the breach to their attention, officials for TerraCom threatened legal action, accusing “Scripps hackers” of “numerous violations of the Computer Fraud and Abuse Act.” Reporters for Scripps Howard deny these allegations, claiming they found the information using a basic Google search.
The stakes for such a serious data breach area high for TerraCom Inc., which could be fined $1.5 million per victim, according to FCC guidelines.