Policy

Scripps News Says It Uncovered Unsecured Lifeline Personal Data

Part of Investigative Series on Data Security; Investigation Targets Say Scripps Is One Breaching Security 5/20/2013 10:22 AM Eastern

Scripps News, which serves the company's broadcast, newspaper and online properties, Monday began publishing stories that is has uncovered data security lapses affecting thousands of customers whose data was collected by companies participating in the government's Lifeline phone subsidy program. The FCC is testing an expansion of that program to broadband subsidies.

According to the news service, its Privacy on the Line investigation turned up 170,000 records containing personal data -- Social Security numbers, financial account information -- widely available online from two companies participating in the program.

Scripps says that lawyers for the two companies, TerraCom and YourTel, counter that Scripps accessed the records illegally. Scripps denies the charge. YourTel  and TerraCom have posted virtually identical notices on their respective websites saying their data was breached by Scripps and "possibly by other unauthorized persons," although they say that "there appears to be no evidence to indicate that a malicious attack occurred on our computer systems, nor does it appear that any applicant has been injured as a result of the unauthorized accessing of personal data files by the news organization or any others."

"Contrary to the claims by Scripps Howard that this information was all ‘publicly posted data online’ and tens of thousands of Lifeline applicants’ personal data was available through ‘simple Internet searches,’ a digital forensics investigation by TerraCom has revealed that the news service used sophisticated computer techniques and non-public information to view and download the personal information of applicants," said Dale Schmick, Chief Operating Officer of TerraCom, in a statement.  "This is a very serious matter and, upon learning of the Scripps Howard breach, we immediately implemented security measures to prevent any future unauthorized access to applicant files by any means. Subsequent attempts by the news service to access applicant personal files have been blocked by TerraCom’s enhanced security measures."

A Scripps spokesperson said that the news service had offered to demonstrate to TerraCom officials how it found teh records, but the company had declined interview requests and to provide any evidence of its charge that Scripps had accessed any non-public info (http://www.knoxnews.com/news/2013/may/20/illinois-ag-investigate-phone-c...).

There are federal regulations on securing and limits on retention of that customer data, Scripps pointed out.

According to the news service, government officials in two states are investigating the "dubious" data collection practices. An FCC spokesman had no comment on whether it, too, was looking into the matter, but did say: "While we don’t generally confirm or deny the existence of a specific investigation, we are aware of this incident.

Both the FCC and Congress are in the process of trying to reform the Lifeline program to prevent waste, fraud and abuse as the government considers expanding/transitioning that program to broadband as it is doing with other phone subsidies.