Oklahoma City-based wireless companies report data breach

[Erica Absetz <erica () riskbasedsecurity com>]

http://newsok.com/article/3809598

The Oklahoma City-based wireless companies TerraCom and YourTel
America said Monday that journalists had accessed the personal
information of about 150,000 prospective clients and that the personal
information of 200 people had been readily available online via a
simple Google search.

The companies also admitted Monday that the files of about 343
applicants had been accessed online by unidentifiable IP addresses.
The companies are in the process of contacting the applicants whose
files may have been breached and is offering them free credit
monitoring for a year, they said Monday.

“We really apologize to our customer that they are being subjected to
this and we have made sure that this will never happen again,” said
Dale Schmick, chief operating officer of TerraCom. “We have gone to
great lengths above and beyond what anyone could imagine to ensure
these files are safe now.”

TerraCom is the parent company to YourTel. Both companies provide
government-subsidized cellphones and home phone service for low-income
customers through the federal Lifeline program.

TerraCom and YourTel admitted to the data breaches after reporters
from Scripps Howard News Service were able to access and download the
information from a third-party vendor the companies use to maintain
the data.

The companies have accused Scripps Howard of going beyond a simple
Internet search to access directories maintained by a third-party
vendor that contain sensitive applicant data including income and
social security numbers. The companies have alerted the FBI about the
data breaches, Schmick said Monday.

Scripps Howard accessed the files for solely journalistic purposes,
said Ellen Weiss, Washington, D.C., bureau chief for Scripps Howard.

“We absolutely did not hack — we found these files by doing a simple
Google search,” Weiss said. “The issue is not with us.”

Journalists from the Scripps Howard-owned televisions station KJRH in
Tulsa also shot video showing how they were able to access the data,
she said.

“While TerraCom does not believe the journalists accessed and
downloaded the personal data with malicious intent, it hopes they will
keep the personal data secure now that it is in the possession of the
news service,” Schmick said. “It is fundamentally important that
Scripps Howard has taken measures to secure the data to prevent a
cyber attack from happening to them, further compromising the data.”
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.