MICHEL MARTIN, HOST:
I'm Michel Martin, and this is TELL ME MORE from NPR News. Coming up, you've probably heard that the stock market is seeing record highs, but there's also a new poll that shows that fewer Americans are participating. We'll try to find out why, in just a few minutes.
But first, we want to tell you about a major data breach affecting thousands of participants of a major government program. The program is called Lifeline; it reimburses phone companies for providing service to low-income Americans.
A new investigation found detailed personal information from one of those private companies available online. That includes the Social Security numbers, birth dates, home addresses, even copies of nutrition assistance and welfare cards, of more than 100,000 applicants.
Isaac Wolf is a national reporter for Scripps Howard News Service. He led the investigation, and he's with us now to tell us more. Welcome. Thank you for joining us.
ISAAC WOLF: Thank you so much for having me.
MARTIN: Tell us just a little bit about the Lifeline program, if you would. How did it start? Who is it for?
WOLF: Sure. The Lifeline program actually dates back to 1985, during the Reagan administration, and it was created to make sure that phone service was accessible to the poor, the needy. It's continued for just about 30 years; and it was expanded in 2005 to include cellphone service. And this has created a lot of problems. There have been a lot of concerns toward waste, fraud and abuse. You've heard stories over the past few years of people getting multiple phones, phone carriers enrolling folks who maybe were dead or didn't live at those addresses because of course, the phone companies are making money per individual that they have signed up for the service.
MARTIN: So how did you get into this investigation? I mean, were you looking for something else, or had you gotten a tip or something that...
WOLF: No. There was...
MARTIN: ...this kind of personal information was available online?
WOLF: No, no. Nothing of the sort. A couple other reporters and I at Scripps were just looking into this program; you know, just looking up what was going on. There's been many new rules that have come down the pike, and we just wanted to see what was going on there. And over the course of doing some Internet searches earlier this spring, we stumbled across about 170,000 personal records that were posted online, and those involve two companies that are participating carriers within this program. It's TerraCom Inc. and its affiliate, YourTel America.
MARTIN: And for people who might not understand why this is a problem, why is this a problem that people's Social Security numbers and birth dates and addresses - and all of that stuff, was so readily available?
WOLF: Well, your Social Security number is really the most important sensitive piece of information about yourself that can be used by identity thieves to open accounts in your name, to pass themselves off as you. Social Security numbers, we know, also are used by people who aren't you, to get jobs.
MARTIN: So it's basically an open door to identity theft. So as far as you know, how did this happen?
WOLF: You know, TerraCom, the parent company behind this, has not given us a straight answer. We are still trying to understand what led these records to be posted publicly online.
MARTIN: Now, we reached out to TerraCom and its affiliate, YourTel America, which are the companies that you say were responsible for the breach. You said that they wouldn't give you an interview. They didn't give us an interview either, but they did issue a statement, and TerraCom says that the company deeply regrets, in quotes, that this information was accessed. It says it has implemented security measures and notified federal and state regulators. It says that that information has now been taken offline.
But they also say that you did not just use simple Internet searches. In their statement they quote that a digital forensics investigation by TerraCom has revealed that the news service used sophisticated computer techniques and non-public information to view and download the personal information of applicants. And your response to that is?
WOLF: My response to that is everything that we did and everything that we looked at was publicly accessible. We stumbled across these records through a Google search. We've posted online video of how we accessed these records and we have also written about how we accessed these records. We've asked the company to sit down with us. We've told them that we would show them exactly how we accessed these records, and they have refused for nearly a month our sit-down interview requests.
And, frankly, I would just say, you know, if their story really does hold up, which it doesn't, then why aren't they here answering questions? They're not.
MARTIN: We're talking with Isaac Wolf of Scripps Howard News Service and we're talking about his reporting. He and his team found thousands of applications with detailed personal information posted online for participants in a government program to provide phone service for low income Americans.
You also talked to some of the participants in the program, people whose data was accessed. What did they say about this? Did they have any idea?
WOLF: No. They didn't have any idea. They were shocked. You know, I spoke with one woman, Linda Mendez(ph), in San Antonio. She works the night shift cleaning a gym and she uses her Lifeline cell phone, her TerraCom cell phone, to call, check in on her husband and four kids, make sure that they've done their homework, that they're ready for bed. She also uses her phone to coordinate appointments for her kids, including one of her daughters who has Down syndrome, and this is a stumbling block for her. I would just also add that prior to the TerraCom information release, her family has experienced identity theft. Her husband has had his Social Security number misused by others over the past several years, so this is something that people really get.
And I would just also add that this program, these applications, are for folks who are among the most vulnerable. They are the poorest. They oftentimes have disabilities, and so you or I - you know, it might be an inconvenience for us to have to spend the dozens of hours calling credit reporting agencies and banks, but we're talking about folks who are working the overnight shift or, you know, maybe they just don't have the wherewithal to fight this and they're the ones who've been exposed here.
MARTIN: Did your reporting indicate any hypothesis of how this could have happened?
WOLF: I can't speculate on behalf of TerraCom and I would just also add that the records were being held by a third party contractor, an Indian company called Call Centers India. We've reached out to them for comment; they also have not responded, but I would just say your question is a fantastic one. It's the top of the list of things that we're waiting to hear back from. There's a couple other questions that we really think that Linda Mendez and others need answers to, I would say.
The second question that others need answers to is: Why did TerraCom have these records in the first place? As we report, the Federal Communications Commission actually forbids TerraCom and other companies from keeping copies of food stamp cards, drivers' licenses, of pieces of proof that these applicants are eligible. Well, the vast majority of the records that we found were precisely these types of scans, iPhone camera shots, so and so forth. Why'd they have them? It's not clear.
MARTIN: So basically they're allowed to have certain information in order to be sure that the applicant is qualified, but once the applicant has been qualified, they're not supposed to keep this stuff?
WOLF: Well, according to the regulations, the companies are not supposed to retain these records. Exactly what that means is unclear. We've reached out to the FCC for an explanation; they haven't given us one. But what we can say is that many of these pieces of evidence date back to last year, so whether or not these folks were approved or still in some sort of limbo or they've been rejected, they have records that appear to go back well into last year. You know, these types of photocopies, these scans of people's Social Security cards, drivers' licenses, food stamp cards, and it's not really clear why they had them in the first place.
MARTIN: Final question. Is there any broader lesson here that you think we all need to take note of?
WOLF: Well, our reporting doesn't only look at these release of personal records from TerraCom. We actually look at some other privacy issues associated with the Lifeline program, including a database that's being built out through the FCC and it's going to include personal information from social welfare programs across the country; for many different social welfare programs there's concerns there about privacy issues.
MARTIN: Isaac Wolf is a national reporter for Scripps Howard News Service. He was kind enough to join us here in our Washington, D.C. studios. Isaac Wolf, thank you so much for joining us.
WOLF: Sure. It's been my pleasure.
MARTIN: To read Isaac Wolf's full story and then the full statement from TerraCom, just visit our website. Go to NPR.org/TellMeMore.