The Oklahoma City-based wireless companies TerraCom and YourTel America said Monday that journalists had accessed the personal information of about 150,000 prospective clients and that the personal information of 200 people had been readily available online via a simple Google search.
The companies also admitted Monday that the files of about 343 applicants had been accessed online by unidentifiable IP addresses. The companies are in the process of contacting the applicants whose files may have been breached and is offering them free credit monitoring for a year, they said Monday.
“We really apologize to our customer that they are being subjected to this and we have made sure that this will never happen again,” said Dale Schmick, chief operating officer of TerraCom. “We have gone to great lengths above and beyond what anyone could imagine to ensure these files are safe now.”
TerraCom is the parent company to YourTel. Both companies provide government-subsidized cellphones and home phone service for low-income customers through the federal Lifeline program.
TerraCom and YourTel admitted to the data breaches after reporters from Scripps Howard News Service were able to access and download the information from a third-party vendor the companies use to maintain the data.
The companies have accused Scripps Howard of going beyond a simple Internet search to access directories maintained by a third-party vendor that contain sensitive applicant data including income and social security numbers. The companies have alerted the FBI about the data breaches, Schmick said Monday.
Scripps Howard accessed the files for solely journalistic purposes, said Ellen Weiss, Washington, D.C., bureau chief for Scripps Howard.
“We absolutely did not hack — we found these files by doing a simple Google search,” Weiss said. “The issue is not with us.”
Journalists from the Scripps Howard News Service also shot video showing how they were able to access the data, she said.
“While TerraCom does not believe the journalists accessed and downloaded the personal data with malicious intent, it hopes they will keep the personal data secure now that it is in the possession of the news service,” Schmick said. “It is fundamentally important that Scripps Howard has taken measures to secure the data to prevent a cyber attack from happening to them, further compromising the data.”