Comcast Data Breach Leaks Thousands of Unlisted Phone Numbers, Threatening Customers’ Privacy

Adi Kamdar  of EFF writes:

The longer my information is out there, the worse the issue gets, yet still no action. I have paid for unpublishing my information for years as I testified in a murder trial. Now, my wife, children, and I are [a]ll in danger; and I have nowhere to turn.

Four years ago, users of Comcast’s phone service who had paid for their personal information to be unlisted noticed that something was amiss. Complaints started appearing from these individuals who found their names, addresses, and telephone numbers in phone directories both online and off.

Later, it was revealed that this breach of confidential information affected more than 74,000 individuals and households in California—over half of Comcast’s users in California with unlisted numbers. While the breach hit California the hardest, it also occurred with Comcast customers in other states. These numbers were treated just like ordinary listed phone numbers, licensed by Comcast to “publishers,” directory assistance providers, and apparently passed on to other databases and published for everyone to see.

This is but one example of how a mistake in an industry built upon the acquisition and selling of personal information can hurt people.  And this is why California law requires phone companies to protect their customers’ unlisted or non-published phone numbers.1 The California Public Utilities Commission (PUC) has opened up an investigation [pdf] to determine whether and to what extent Comcast may have broken the law in allowing this release of non-published numbers. EFF Senior Staff Attorney Lee Tien has submitted testimony [pdf] as an expert witness for the California PUC in this case.

Read more on EFF.

About the author: Dissent