dslreports logo
 story category
AT&T, CenturyLink Sued for Exposing Private Subscriber Data

DirecTV (AT&T) and CenturyLink are facing a new class action lawsuit (pdf) alleging that the companies left private customer data online available for anybody to find via a simple search. The lawsuit, first reported by Geekwire, was filed Monday in US District Court in Seattle. The plaintiff claims that a simple online search for his phone number allowed him to find his "name, address, telephone number and other information" unsecured online for anybody to view.

Click for full size
"Plaintiff Jantos, through a simple internet search using a common search engine, discovered that his March 2017 bill from CenturyLink and DirecTV/DirecTV, LLC, was publicly available for anyone to view on the internet," the lawsuit alleges. "The bill contained personally identifiable information, including his name, address, phone number, phone numbers that he had called and received calls from, and his DirecTV/DirecTV, LLC, billings."

"Concerned, and unsure if the information was only available to him due to his previous online access to his account, he investigated the scope of the disclosure," the lawsuit continues, noting that the plaintiff was "able to easily access personally identifying information of other subscribers of Defendants, including charges on other subscribers DirecTV/DirecTV, LLC, bills."

"Like the information he discovered online about himself, he was able to view the names, addresses, phone number, subscriptions, and bills from other subscribers," states the suit. "In order to confirm that the information was available to others, he asked another individual to attempt to access information from his computer as well. Like Jantos, this individual was able to access personally identifiable information of DirecTV/DirecTV, LLC, subscribers."

The lawsuit is seeking punitive damages of $100 a day for each violation. It claims that CenturyLink and DirecTV are in violation of Section 338 of the Communications Act, which prohibits pay TV providers from exposing customer information without written consent, and requires they take steps to protect customer information from being accessed by others. Quite often, telecom and pay TV operators grow so quickly via M&A, things like data privacy and customer service can, more often than not, fall through the cracks.

"We’re reviewing the complaint, but the allegations in it do not involve our bills," AT&T said in a statement it provided DSLReports. The lawsuit does seem to indicate that this data may have been gleaned wholly from CenturyLink, who sells bundled DirecTV service:
quote:
CenturyLink also acted as the agent of DirecTV and/or DirecTV, LLC, in connection with the marketing, selling, billing, and distribution of bills (including making the bills available for public access) of DirecTV’s services. CenturyLink is also an agent for DirecTV and/or DirecTV, LLC, for purposes of all tasks associated with billing certain bundled services provided by DirecTV and/or DirecTV, LLC, to its subscribers.
CenturyLink did not immediately respond for a request for comment.

Most recommended from 12 comments



mt999999
join:2016-06-16
East Liverpool, OH

7 recommendations

mt999999

Member

CPNI

Hmm... I'm pretty sure that CPNI (Customer proprietary network information) offenses are pretty serious. Name, address, and telephone numbers are not CPNI, as they are available in any public database and telephone book. However, CPNI such as products subscribed to, was pounded into my head over and over again (in Frontier communications training) that you do NOT disclose. One would think that would be an industry-wide rule.
Roadkill
Premium Member
join:2008-06-17
united state

6 recommendations

Roadkill

Premium Member

Private Data

What more data could AT&T/CL expose beyond Yahoo/Verizon?