NPR : Tell Me More

Filed Under:

My Social Security Number Is Posted Where?

Play associated audio

Sensitive personal information belonging to thousands of applicants to a government phone program was exposed to the public on the Internet, according to a new investigative report from Scripps Howard News Service.

The federal program is called Lifeline, and it reimburses phone companies for providing service to low-income Americans.

Scripps reporter Isaac Wolf says he was able to access more than 100,000 records from one of those private companies online. That includes Social Security numbers, birth dates, home addresses and even copies of nutrition assistance and welfare cards.

Wolf says the company, TerraCom, and its affiliate, YourTel America, have a lot of explaining to do about exactly how — and why — these records were accessible online.

"They have records that appear to go back well into last year — these types of photocopies, these scans of people's Social Security cards, drivers' licenses, food stamp cards. And it's not clear why they had them in the first place."

Carriers are allowed to request supporting personal documentation but are not supposed to retain them, according to Lifeline's administrators.

In a statement sent to NPR, TerraCom's Chief Operating Officer Dale Schmick says the company "deeply regrets" the data disclosure. "This is a very serious matter and, upon learning of the Scripps Howard breach, we immediately implemented security measures to prevent any future unauthorized access to applicant files by any means," he wrote. The company has also said it has notified federal and state regulators. The Indiana attorney general's office confirmed Monday that it would investigate the breach.

The company asserts that the personal data was only accessible to the reporter using sophisticated computer techniques. Wolf says everything he found was publicly accessible.

TerraCom's full statement follows:


Statement from Dale Schmick, Chief Operating Officer of TerraCom, and YourTel America:

"We deeply regret that the personal data of 343 Lifeline applicants were accessed by unidentified third parties or mistakenly made available through Internet searches. Some of this activity may have been the direct result of the unauthorized access of approximately 170,000 applicant personal data files by the Scripps Howard News Service through more sophisticated online searches.

"This is a very serious matter and, upon learning of the Scripps Howard breach, we immediately implemented security measures to prevent any future unauthorized access to applicant files by any means. Subsequent attempts by the news service to access applicant personal files have been blocked by TerraCom's enhanced security measures.

"We've established a toll-free number for applicants to contact us with questions (1-855-297-0243). Since Scripps Howard has assured us that they do not plan to publicly release the personal data that they possess through unauthorized access, we are providing credit reporting/identity theft assistance for those whose data was accessed by unidentified third parties other than the news service to help monitor against potential fraudulent activity on their banking and credit card accounts.

"We've notified federal and state regulators, and law enforcement, of this breach and are in ongoing discussions with them.

"Contrary to the claims by Scripps Howard that this information was all 'publicly posted data online' and tens of thousands of Lifeline applicants' personal data was available through 'simple Internet searches,' a digital forensics investigation by TerraCom has revealed that the news service used sophisticated computer techniques and non-public information to view and download the personal information of applicants.

"The personal data that was previously available through Internet searches was limited to the files of 270 applicants and we've subsequently taken action to eliminate any further public access to that data.

"The news service had to identify non-public directories in TerraCom's computer system and decipher sophisticated URL addresses that included sequences of 14 random numbers to download the 170,000 files they now have in their possession. It is unfortunate that Scripps Howard has remained silent about the full extent of its role in this incident and has omitted these facts in its ongoing reporting of this incident."

Copyright 2013 NPR. To see more, visit http://www.npr.org/.

NPR

Writing The Wicked Ways Of The 'Worst. Person. Ever.'

Raymond Gunt is profane, rude, heartless and truly the Worst. Person. Ever. Author Douglas Coupland says he's not exactly sure how the character, with no redeeming qualities, came into his mind.
NPR

Can Wal-Mart Really Make Organic Food Cheap For Everyone?

The giant retailer says it's adding a new line of organic food that's at least 25 percent cheaper. But a large-scale production and supply of organic food likely can't be achieved overnight.
NPR

Obama Adds Malaysia To His Asia Itinerary

Obama travels to Malaysia next week, where the government is under fire for the handling of a missing airliner. NPR's Wade Goodwyn talks to Joshua Kurlantzick of the Council on Foreign Relations.
NPR

Watch For The Blind Lets You Feel Time Passing

A new watch allows the blind to feel time on their wrists. Designer Hyungsoo Kim tells NPR's Wade Goodwyn his watch allows users to tell time accurately without revealing their disabilities.

Leave a Comment

Help keep the conversation civil. Please refer to our Terms of Use and Code of Conduct before posting your comments.