FCC issues $10 million fine for data breach

The Federal Communications Commission (FCC) has levied a $10 million fine on two telecoms companies that allegedly stored the personal data of 300,000 customers online without adequate protection.

The two companies in question – YourTel America and TerraCom – share the same owners and management. From September 2012 to April 2013, both companies allegedly collected personal information from applicants – including social security numbers, dates of birth, addresses, names, and drivers’ license numbers – and then stored it on publicly accessible Internet servers.

The breach was discovered when reporters for the Scripps Howard News Service found the data with a simple Google search.

With the number of high-profile data breaches mounting, regulators such as the FCC will have to start playing a more prominent role in data security in order to protect consumers. An official from the FCC said, “This is the first data security enforcement action [by the FCC], but it will not be the last.”

Organizations are already starting to see clients demand that they prove how serious they are about information security, and a growing number of them are implementing an ISO 27001-certified information security management system (ISMS) in response.

ISO 27001 is the internationally recognized ISMS standard, which provides a systematic approach to managing confidential or sensitive corporate information so that it remains secure.

Achieving certification to this standard not only improves your information security, but also provides a framework to support your adherence to many cybersecurity laws, including FISMA, HIPAA, and Sarbanes-Oxley.

For further information on ISO 27001 and how it can help you comply with cybersecurity legislation in the US, download our free guide.

How ISO27001 can help you comply with cyber security legislation in the United States