Verizon Communications is paying the US government a settlement of $7.4 million following an investigation into how the company notifies customers of their privacy rights before using their information for marketing, according to the US Federal Communications Commission. This marks the largest fine relating to phone customers’ privacy in FCC history. The agency’s investigation discovered that beginning in 2006, the company didn’t provide roughly 2 million new landline telephone customers with proper privacy notices—explaining how to opt out of having their personal information provided for marketing offers—in their first bill. Under US law, phone companies cannot use customers’ personal data for marketing without their permission. Under the terms of the settlement, Verizon will send opt-out notices with every telephone bill. Verizon said that it advertently violated FCC rules that it takes the agency’s regulations seriously, and that it has implemented measures to avoid a recurrence. (Reuters)
Saturday, September 27, 2014
Friday, November 15, 2013
Verizon Vulnerability Left Subscribers’ Texting Histories Accessible
A vulnerability in Verizon Wireless’ Web-based customer portal let anyone with subscribers’ phone numbers download their complete short-message-service history, including the phone numbers of people with whom they communicated. The Verizon website failed to verify that the number entered into the application actually belonged to the person entering it. Once a number was entered, the person could download its SMS message history. A Verizon customer reportedly discovered the vulnerability and reported it to the company. Verizon then took more than a month to resolve the issue and another month to publicly disclose it. Verizon issued a statement to Engadget stating “we addressed this issue as soon as our security teams were made aware of it. Customer information was not impacted.” (SlashDot)(ThreatPost)(Engadget)
