Verizon Communications is set to pay a $16 million settlement to the Federal Communications Commission (FCC) following multiple data breaches at its subsidiary, TracFone Wireless.
TracFone Wireless operates several telecommunications services, including Total by Verizon Wireless, Straight Talk, and Walmart Family Mobile. The company’s wide range of offerings underscores the importance of robust data security measures to protect its extensive customer base.
Along with the financial penalty, Verizon must implement several stringent measures to enhance data security for TracFone’s customers. These steps are intended to prevent future incidents and protect sensitive customer information.
- Develop a mandated information security program to reduce API vulnerabilities by adhering to standards like NIST and OWASP, implementing secure API controls, and regularly testing and updating security measures.
- Implement SIM change and port-out protections involving secure authentication for SIM changes and port-out requests, notifying customers of such requests, and offering number transfer PINs.
- Perform information security annual assessments to ensure the program’s effectiveness, with independent third-party evaluations every two years to assess sufficiency and maturity.
- Organize annual employee privacy and security awareness training to enhance their capability to safeguard customer data and comply with security protocols.
The settlement between Verizon and the FCC highlights the critical need for robust data security measures in the telecommunications industry. As TracFone implements these new protections, it aims to restore customer trust and safeguard against future breaches.
