Over 100,000 At Risk After Security Breach At Oklahoma Cell Phone Companies

Our 6 Investigates team has learned of a major security breach at two of the cell phone companies we've been investigating, putting the identities of more than 100,000 people at risk.

TerraCom and YourTel are based out of Oklahoma City and provide the government subsidized cell phone service called Lifeline, that's been the focus of 6 Investigates stories.

Friday, executives confirmed their website was not secure, allowing a media company and others to get unauthorized access to 150,000 personal data files.

That means anyone who's filled out an application for the Lifeline program through TerraCom or YourTel could have had their personal information stolen.

2/11/2013 Related Story: Despite Reforms, Federal Cell Phone Program Still Plagued By Fraud

The applications included names, addresses and social security numbers.

The COO of the companies said, "This is a very serious matter and we are actively investigating the full extent of any security breach of our computer systems."

He said the companies would pay for credit monitoring service for 340 of those applicants, whose information was most at risk.

It's not clear how many of those applicants were in Oklahoma, but this state is the biggest market for those companies.

If you've applied for Lifeline through one of these companies you'll want to call the toll-free number they set up to deal with this. That number is 1-855-297-0243.

Full statement from Dale Schmick, Chief Operation Officer of TerraCom, Inc./YourTel America, Inc.

"On April 26, 2013, the companies were made aware of the fact that Scripps Howard News Service was able to access personal data files of applicants seeking enrollment in the program.

We deeply regret that this incident occurred, and we are sorry that personal data of Lifeline applicants was recently accessed by Scripps Howard News Service without authorization. This is a very serious matter and we are actively investigating the full extent of any security breach in our computer systems and we've taken steps to eliminate any potential release of personal data in the future.

This is the first time that we or our third party vendor have experienced a breach of security and we are committed to doing all that is possible to ensure that similar incidents do not occur in the future.

Upon being notified of the breach, we took immediate steps to secure the personal data of applicants to prevent any further unauthorized access to the files.

We know that that the comprehensive steps we took to protect consumers’ data have been effective, largely because our ongoing monitoring of individuals trying to gain unauthorized access the personal files of Lifeline applicants since the new security measures were put in place, including attempts by individuals with IP addresses at Scripps Howard News Service, were identified as failed attempts when trying to hack into our computer system.

Based on our ongoing investigation – being conducted in coordination with an independent digital forensics team – there appears to be no evidence to indicate that a malicious attack occurred on our computer systems, nor does it appear that any applicant has been injured as a result of the unauthorized access of personal data files by the news organization. Our digital forensics analysis shows that the news service didn't notify us when they first discovered that a few hundred files were searchable on the Internet, and instead put more than 150,000 applicants' personal data files at risk when they downloaded the records onto their computers and continued to try to get into the system without authorization. Although the news service will not hand over the data and will not verify what security measures they've taken to protect the data, they've assured us that they will not voluntarily disclose that information to third parties. There were also a few hundred applicant personal data files accessed without authorization by third parties other than the news service and we are committed to answering their questions and assisting them through this process. To the extent that new information comes to light regarding this matter we will take appropriate action to protect our customers and comply with all relevant laws and regulations.

We have established a toll-free number (1-855-297-0243) for applicants and customers to contact us with questions they may have. Live call center representatives are available to answer their questions and provide guidance on steps they can take to protect their financial information and guard against the potential for identify theft.

For the Lifeline applicants whose data was accessed without authorization by someone other than the news service, we will provide them with instructions on how to enroll in a credit-bureau monitoring service at no cost to them. We apologize for any inconvenience this situation has caused consumers and we are committed to helping them through this process."