Scripps investigation into security risks draws scrutiny
Ellen Weiss, Scripps Howard News Service
4:29 PM, May 15, 2013
5:33 PM, May 15, 2013
WASHINGTON - Customers of Lifeline, a federal program for low-income Americans, benefit by getting discounted phone service. But tens of thousands also face a liability: an increased risk of identity theft.
A Scripps News investigation has uncovered more than 170,000 records -- listing sensitive information such as Social Security numbers, home addresses and financial accounts. These were widely available online this spring after being collected for two phone carriers participating in the program: Oklahoma City-based TerraCom Inc. and its affiliate, YourTel America Inc.
The Scripps News team discovered the unsecured records while looking into companies participating in Lifeline. A simple online search into TerraCom yielded a Lifeline application that had been filled out and was posted on a site operated by Call Centers India Inc., under contract for TerraCom and YourTel. A reporter conducted another Google query of that site, and the search engine returned scores of applications. Scripps videotaped the process.
The reporter immediately shared the findings with editors, who assembled an editorial, technical and legal team to responsibly and legally gather and secure the records for reporting purposes.
The Scripps team used computer code to download the publicly available records, securing them both electronically and physically. To verify the documents' authenticity, reporters contacted dozens of individuals named in them and spoke with privacy experts and others.
On April 26, Scripps notified Dale Schmick, chief operating officer for both TerraCom and YourTel, of the posted records. Within hours, they no longer were publicly accessible.
In a letter, a lawyer for both phone companies accused Scripps of accessing the records illegally. Scripps denied that allegation and offered to demonstrate how it found the documents online.
Schmick and the companies have declined Scripps' repeated requests for an interview.
On Friday, TerraCom
posted a notice on its website home page that the company "was recently a victim of a security breach that resulted in unauthorized access to some applicant's (sic) personal data stored on our computer servers."
Scripps will publish and broadcast stories from its investigation beginning this weekend.