Comcast Agrees to Pay $33 Million in Data Breach Settlement for Leaking Thousands of Unlisted Numbers
Kelly Vargas writes:
On September 17, 2015, the California Public Utilities Commission (CPUC) approved a $33 million settlement between Comcast, CPUC staff, and the California Attorney General’s office (along with public interest groups TURN and the Greenlining Institute), related to a Comcast data breach that resulted in the personal information (name, address and telephone number) of nearly 75,000 Comcast “non-published” XFINITY Voice customers in California being posted on the Internet.
As the CPUC’s briefing explains, Comcast disseminated these customers’ personal information when it sent information about all of its telephone subscribers, including unpublished numbers, to Targus/Neustar, the company Comcast chose to license and sell Comcast subscriber listings. The apparent problem was that Comcast failed to put a “privacy flag” on the unpublished numbers, which led to Targus/Neustar using those subscriber listings in their own database, distributing them to at least one national directory assistance operator, and publishing them online where they became available to other data brokers. Why Comcast disseminated these numbers in the first place is unclear.
Read more on EFF.