Tuesday, 28 October 2014

telecom-service-hacked
US Telecom Operators Get Fined $10M by FCC For Not Securing Customers' Data

It's a pity when Two well known US Mobile Operator stored customers' sensitive data on the server which was not secured by any mean. As a result of that, FCC fined both of the company with $10M.

The Two Telecom companies  who were fined are TerraCom and YourTel. 

The alleged Telecom Companies are known for offering telecom services for middle-class households in US.Their this scheme requires every applicants to upload their financial records online as a proof of their eligibility for the scheme.

The companies collected names, addresses, social security numbers, driver’s licenses, and other proprietary information (PI) belonging to over 300,000 customers. They then stored it on fully unprotected servers. Any normal internet user with basic search technique knowledge could get the data.

The more shocking news is that they did not even try to encrypt the password with any kind of encryption technique. In today's world password encryption is a common method. Even small websites having databases also encrypt user passwords. How can US's top Telecom Companies ignore such things while their customers could have faced Identity theft or other serious consumers harms.

The scenario becomes funnier when the Two Companies declares by modifying their Privacy Policy that they have safe-guarded customers details by implementing necessary security features while the truth is they haven't.

This worst case couldn't be exposed in public if a Reporter working for Scripps Howard News Service discovered the no-security data servers in early 2013.

Without accepting the fact, Two Telecom Companies alleged the reporter and even reported FCC that the reporter himself intentionally hacked the servers.

According to FCC, 
Between March 24, 2013, and April 26, 2013, Scripps accessed at least 12,806,611 confidential records and documents submitted by subscribers and applicants for the companies’ services. Scripps located a consumer’s data file by conducting a simple Google search. Once it had located a single file, Scripps shortened that file’s URL and obtained access to the entire directory of applicant and subscriber data. On April 26, 2013, Scripps alerted the companies that it had accessed their servers and had retrieved the PI of subscribers and applicants stored there.
 Both the Telecom Companies hired Vcare, IT Coampany, for the Data Storage and security of it which,well can be seen easily, was not done properly.

0 comments:

Post a Comment