14 DAY TRIAL // Personal details of more than 74,000 Comcast customers that paid the company for their details to be protected from the public eye have been found both in online and offline directories.
A document filed with the Public Utilities Commission on October 3, 2013, provided by EFF, reveals that more than 74,000 Californians who are Comcast subscribers have been affected by a company error that resulted in the exposure of information such as names, addresses, and phone numbers.
The leak appeared at the beginning of July 2010 and continued through December 2012, although two customers complained in October 2012 about the fact that details that were supposed to be unlisted were publicly available online.
Following the investigation started as a result of the complaints, Comcast discovered that at fault was an agreement (Directory Listing License and Distribution Agreement) with third-party entity Targus, to distribute and publish Comcast’s residential directory lists.
In its turn, Targus distributes the information to other parties, some of them publishing it online, including to Comcast’s Ecolisting directory that allows searching by name or, alternatively, by phone number.
“The Directory Listing License and Distribution Agreement includes language describing Targus as Comcast’s agent. As Comcast’s agent, Targus is to provide Comcast’s directory listing information to all eligible recipients as if Comcast provided the directory listings directly to them,” the document explains the relation between Comcast and Targus.
Targus was not the only agent to which Comcast sent information for distribution purposes, and other companies also received them. However, the phone company should not have revealed the details of customers that paid an extra fee of $1.25 / €0.95 or $1.50 / €1.14 per month to have their details protected.
“When Comcast advertised its new online directory assistance service, Ecolisting, Comcast told customers that Comcast would continue to ensure that unlisted names and numbers would not be distributed to phone book publishers, online directories, or directory assistance,” says the document.
However, the data was erroneously published and the incident affected 74,650 clients. Not all of them may be aware that the company accidentally published confidential details about them.
It is worth noting that some of the customers resorted to the privacy service in order to ensure their safety, as in some cases, life threatening situations were exposed by the customers in their complaints.
As for fixing the problem, Comcast has stated that it offered refunds to some of the affected individuals, and in some cases, upon customer request, it provided additional remediation measures.