Call it security through absurdity: a pair of telecom firms have branded reporters for Scripps News as "hackers" after they discovered the personal data of over 170,000 customers—including social security numbers and other identifying data that could be used for identity theft—sitting on a publicly accessible server. While the reporters claim to have discovered the data with a simple Google search, the firms' lawyer claims they used "automated" means to gain access to the company's confidential data and that in doing so the reporters violated the Computer Fraud and Abuse Act with their leet hacker skills.
The files were records of applicants for the Federal Communications Commission's (FCC) Lifeline subsidized cell phone program for low-income consumers. The applicants' information was collected for the telecom providers YourTel and TerraCom by Vcare, an India-based call center service contracted to verify applicants' eligibility. To qualify for the program, customers need to submit proof that they are enrolled in a federal or state assistance program such as Supplemental Security Income, food stamp programs, and the federally funded free school lunch program.
Vcare and the telecom providers are explicitly required to not retain this data under the regulations of the FCC program. However, the data was retained on Vcare's servers and posted to an open file-sharing area—and apparently indexed by Google's search engine in the process.