BreachExchange mailing list archives
Response from TerraCom, Inc.
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Mon, 20 May 2013 11:48:28 -0500
http://www.knoxnews.com/news/2013/may/18/response-terracom-inc/ "On April 26, 2013, the companies were made aware of the fact that Scripps Howard News Service was able to access personal data files of applicants seeking enrollment in the program. We deeply regret that this incident occurred, and we are sorry that personal data of Lifeline applicants was recently accessed by Scripps Howard News Service. This is a very serious matter and we are actively investigating the full extent of any security breach in our computer systems and we've taken steps to eliminate any potential release of personal data in the future. This is the first time that we or our third party vendor have experienced a breach of security and we are committed to doing all that is possible to ensure that similar incidents do not occur in the future. Upon being notified of the breach, we took immediate steps to secure the personal data of applicants to prevent any further unauthorized access to the files and because of the additional safeguards now in place, we are fully confident that the applicants' personal data is secure. Based on our ongoing investigation – being conducted in coordination with an independent digital forensics team – there appears to be no evidence to indicate that a malicious attack occurred on our computer systems, nor does it appear that any applicant has been injured as a result of the unauthorized access of personal data files by the news organization. Our digital forensics analysis shows that the news service didn't notify us when they first discovered that a few hundred files were searchable on the Internet, and instead put more than 100,000 applicants' personal data files at risk when they downloaded the records onto their computers. Although the news service will not hand over the data and will not verify what security measures they've taken to protect the data, they've assured us that they will not voluntarily disclose that information to third parties. There were also a few hundred applicant personal data files accessed without authorization by third parties other than the news service and we are committed to answering their questions and assisting them through this process. To the extent that new information comes to light regarding this matter we will take appropriate action to protect our customers and comply with all relevant laws and regulations. We have established a toll-free number (1-855-297-0243) for applicants and customers to contact us with questions they may have. Live call center representatives are available to answer their questions and provide guidance on steps they can take to protect their financial information and guard against the potential for identify theft. For the Lifeline applicants whose data was accessed without authorization by someone other than the news service, we will provide them with instructions on how to enroll in a credit-bureau monitoring service at no cost to them. We apologize for any inconvenience this situation has caused consumers and we are committed to helping them through this process." _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges.
Current thread:
- Response from TerraCom, Inc. Erica Absetz (May 20)