Comcast Data Breach of Unlisted Phone Numbers Threatens Customers

By Adi Kamdar, Electronic Frontier Foundation:

The longer my information is out there, the worse the issue gets, yet still no action. I have paid for unpublishing my information for years as I testified in a murder trial. Now, my wife, children, and I are [a]ll in danger; and I have nowhere to turn.

Four years ago, users of Comcast’s phone service who had paid for their personal information to be unlisted noticed that something was amiss. Complaints started appearing from these individuals who found their names, addresses, and telephone numbers in phone directories both online and off.

Later, it was revealed that this breach of confidential information affected more than 74,000 individuals and households in California—over half of Comcast’s users in California with unlisted numbers. While the breach hit California the hardest, it also occurred with Comcast customers in other states. These numbers were treated just like ordinary listed phone numbers, licensed by Comcast to “publishers,” directory assistance providers, and apparently passed on to other databases and published for everyone to see.

This is but one example of how a mistake in an industry built upon the acquisition and selling of personal information can hurt people.  And this is why California law requires phone companies to protect their customers’ unlisted or non-published phone numbers. The California Public Utilities Commission (PUC) has opened up an investigation [pdf] to determine whether and to what extent Comcast may have broken the law in allowing this release of non-published numbers. EFF Senior Staff Attorney Lee Tien has submitted testimony [pdf] as an expert witness for the California PUC in this case.

These customers were paying Comcast every month to keep their personal information out of public databases. Many of these customers rely on having a non-published number to withhold their names, telephone numbers, and addresses from public lists, not only to preserve their privacy, but to protect their safety. Data breaches like Comcast’s can have grave consequences; many complaints explicitly mention abusive relationships or serious threats. As one complainant wrote:

They have put my life in danger & this is not the littlest bit of exaggerating…. I’m tired of getting the runaround & have now contacted corporate office, being paraplegic already how am I suppose [sic] to protect myself from a man that has threatened to kill me…

Comcast claims to have first heard about this breach in October of 2012, and they reported the error to California’s Public Utilities Commission in January 2013. However, the Commission has found complaints about wrongly published unlisted numbers from more than two years earlier.

While “getting the runaround” from Comcast has become a matter of course, these reports reveal the actual danger that can come from a breach. And such breaches will only happen more often as more data is collected, shared, and sold.

Earlier this year, the Federal Trade Commission released its long-awaited report on the hidden intricacies of the data economy, focusing on data brokers. Apparent is the scope of use for consumer data: from marketing to risk mitigation and debt collection. Information gleaned from phone number databases can be used to flesh out profiles of individuals, making them easier targets for advertising campaigns and services—and more visible to those who want to find them.

Senior citizens often unlist their phone numbers to escape unwanted telemarketer calls. Yet, as the FTC report and many articles note, seniors are one of the more sought after segments of the population, since they are often vulnerable to deals, tricks, and scams. (For a specific example, the New York Times covered the story of Charles Guthrie, who was duped after a data broker sold his number to thieves.)

Consumers with unlisted numbers have a serious expectation of privacy, and Comcast broke not only their contracts with these customers, but most likely the law. There will be an evidentiary hearing in this case in September. By Adi Kamdar, Electronic Frontier Foundation

Enjoy reading WOLF STREET and want to support it? You can donate. I appreciate it immensely. Click on the beer and iced-tea mug to find out how:

Would you like to be notified via email when WOLF STREET publishes a new article? Sign up here.



  2 comments for “Comcast Data Breach of Unlisted Phone Numbers Threatens Customers

  1. I had a separate article on how it is getting harder and harder to prevent hackers and data breaches.

    This, to me, looks like the death of internet commerce if we can’t get this problem solved.

    • dc.sunsets says:

      Only because “money” is unrelated to underlying action/production/etc. (being created out of thin air by unbacked lending) has this not already collapsed the banking system. There is little doubt in my mind that thieves are stealing the system blind on a daily basis, but that the Feral Reserve is just back-filling the losses with keystrokes. Who can doubt that highly-adept thieves are mining the international banking system far more successfully than anyone can mine Bitcoins.

Comments are closed.