Ring Ring its the FCC Calling TracFone to Pay 16M to Settle FCC Investigation Eye On Privacy

pTimely Updates and Analysis on Privacy and Cybersecurity IssuesppTracFone the prepaid phone company recently settled with the FCC over allegations that the company failed to protect customer information during three different data incidents According to the FCC in each of the incidents threat actors gained access to customer information including names addresses and features to which customers had subscribed The threat actors were able to gain access by exploiting vulnerabilities in the customerfacing application programming interfaces or APIsppTracFone reported the initial breach to the FCC in January 2022 It then experienced two additional breaches of which it notified the FCC in December 2022 and January 2023 These notices occurred before the recent changes to the FCCs data breach notification rule In both incidents threat actors again exploited API vulnerabilities and used those vulnerabilities accessed users order informationppThe FCC alleged that the incidents occurred because TracFone did not have adequate security measures in place in violation of FCCs rules for telecommunication carriers As part of the settlement TracFone has agreed toppPutting It Into Practice This settlement is a reminder that regulators may look closely after an incident at a companys security and compliance measures The elements of this settlement including access controls risk assessments and compliance monitoring suggest the types of procedures are expectedppLiisa Thomas a partner based in the Chicago and London offices is Leader of the firms Privacy and Cybersecurity Practice GroupppTracy Chau is a privacy and cybersecurity associate based in the Chicago office She is a member of the Intellectual Property Practice Group and the Privacy and Cybersecurity TeamppKathryn Katie Smith is a Cybersecurity and Privacy Fellow in the firms Chicago office and a member of the Privacy and Cybersecurity Team She is certified by the International Association of Privacy Professionals IAPP for CIPPUSppThis alert is provided for information purposes only and does not constitute legal advice and is not intended to form an attorney client relationship Please contact your Sheppard Mullin attorney contact for additional informationppSheppard Mullins Eye on Privacy Blog offers breaking industry news legal analysis and updates on emerging issues involving a variety of privacyrelated topicsppSheppard Mullin is a fullservice Global 100 firm with more than 1000 attorneys in 16 offices located in the United States Europe and Asia Since 1927 industryleading companies have turned to Sheppard Mullin to handle corporate and technology matters highstakes litigation and complex financial transactions In the US the firms clients include more than half of the Fortune 100 For more information please visit wwwsheppardmullincomppBy scrolling this page clicking a link or continuing to browse our website you consent to our use of cookies as described in our Cookie and Advertising Policy If you do not wish to accept cookies from our website or would like to stop cookies being stored on your device in the future you can find out more and adjust your preferences hereppAgreep