Charter Communications acknowledged a data breach where about 4 million records containing personal information on former Time Warner Cable customers were left unsecured on a cloud server last month. And though the parent company said there is no evidence that the data has been used against former TWC customers, it urged subscribers with the MyTWC app to change their user names and passwords to minimize any risk.
According to tech website Gizmodo, the breach was discovery by the Kromtech Security Center, which was investigating an unrelated security breach at World Wrestling Entertainment. Apparently, BroadSoft, a TWC vendor, left the records on an Amazon Web Services server without a password on Aug. 24.
According to Gizmodo, not all of the records contained information on specific customers and some of the data was duplicative, meaning the security glitch probably involved less than 4 million customers. Charter, which purchased Time Warner Cable last year, has about 17 million customers.
But the tech website said the leaked data did include information like usernames, email addresses, device serial numbers and financial transaction information. The site said it did not appear that any Social Security numbers or credit card information was exposed.
“A vendor has notified us that certain non-financial information of legacy Time Warner Cable customers who used the MyTWC app became potentially visible by external sources,” Charter said in a statement. “Upon discovery, the information was removed immediately by the vendor, and we are currently investigating this incident with them. There is no indication that any Charter systems were impacted. As a general security measure, we encourage customers who used the MyTWC app to change their user names and passwords. Protecting customer privacy is of the utmost importance to us. We apologize for the frustration and anxiety this causes, and will communicate directly to customers if their information was involved in this incident.”