The two companies in question – YourTel America and TerraCom – share the same owners and management. From September 2012 to April 2013, both companies allegedly collected personal information from applicants – including social security numbers, dates of birth, addresses, names, and drivers’ license numbers – and then stored it on publicly accessible Internet servers.
The breach was discovered when reporters for the Scripps Howard News Service found the data with a simple Google search.
With the number of high-profile data breaches mounting, regulators such as the FCC will have to start playing a more prominent role in data security in order to protect consumers. An official from the FCC said, “This is the first data security enforcement action [by the FCC], but it will not be the last.”
Organizations are already starting to see clients demand proof of how seriously they take information security, and a growing number of these organizations are implementing an ISO 27001-certified information security management system (ISMS) in response.
ISO 27001 is the internationally recognized ISMS standard, which provides a systematic approach to managing confidential or sensitive corporate information so that it remains secure.
Achieving certification to this standard not only improves your information security, but also provides a framework to support your adherence to many cybersecurity laws, including FISMA, HIPAA, and Sarbanes-Oxley.
For further information on ISO 27001 and how it can help you comply with cybersecurity legislation in the US, download our free guide.