About

Important information

• Government Actions:

  Government Action: BBB reports on known government actions involving business’ marketplace conduct:

  In the matter of TracFone Wireless Inc. FCC File No.: EB-IHD-22-00033718
  

  As of November 29, 2023

  TRACFONE TO PAY $23.5 MILLION TO RESOLVE INVESTIGATION INTO VIOLATIONS INVOLVING TWO MAJOR FCC PROGRAMS
  Settlement Resolves Lifeline and Emergency Broadband Benefit Program Investigation As Well As a 2020 Enforcement Action
    --
  WASHINGTON, November 29, 2023—The Federal Communications Commission announced that the Enforcement Bureau reached a settlement with TracFone Wireless (a Verizon subsidiary) to resolve an investigation into whether it violated the Commission’s rules for its Lifeline and/or Emergency Broadband Benefit programs.  Following its acquisition by Verizon, TracFone self-identified and reported to the Commission and the Universal Service Administrative Company certain instances in which it may have violated the Lifeline and/or EBB rules.  TracFone has agreed to compliance measures and a $17,487,000 civil penalty in addition to $6,013,000 to resolve a 2020 Notice of Apparent Liability for other apparent Lifeline violations.

  The Enforcement Bureau investigated TracFone’s procedures for determining customer usage, which are critical for ensuring public funds are not subsidizing unused connections.  TracFone disclosed that its internal processes resulted in Lifeline claims for customers who had not used the service in the prior 30 days, contrary to the Commission’s rules.  Specifically, TracFone’s internal systems: 1) improperly considered a subscriber’s receipt of an inbound text message to constitute qualifying Lifeline usage; and 2) improperly claimed support for a group of customers who were enrolled jointly in both the Lifeline and EBB programs, but did not use one of the services in the prior 30-day period.
  
  TracFone also disclosed that a group of its field enrollment representatives used falsified tax documents to enroll subscribers in TracFone’s Lifeline and EBB services.  After working with auditors, TracFone reimbursed the Universal Service Fund a total of $22,654,154 for Lifeline from January 2019 through October 2021 and also paid back $17,880,598 in EBB funds.  TracFone further disclosed 79 field enrollment agents who were paid commission-based compensation tied to the number of customers enrolled, despite the Commission’s rules prohibiting such arrangements.

  To resolve these matters, TracFone today entered into a Consent Decree with the Enforcement Bureau in which it agreed to a series of terms and conditions for future compliance that take into consideration TracFone’s voluntary disclosures and its cooperation during the investigation.  In addition, TracFone has also agreed to pay $6.013 million to resolve a 2020 NAL alleging the company claimed federal Lifeline funding for thousands of Texas customers who apparently were not eligible for the program, as well as enrollments in Florida that resulted from sales agents apparently manipulating customer data to create fake accounts.
  
  The Lifeline program provides a monthly discount of up to $9.25 on broadband and phone service for qualifying low-income consumers.  Carriers participating in the program receive funds for each eligible Lifeline subscriber and must pass the savings on to those subscribers.  The Lifeline program is paid for using Universal Service Fund dollars, and that money comes from fees assessed on the phone bills of American consumers and businesses.  The separately funded EBB program helped lower the cost of high-speed internet and connected devices for eligible households in 2021 during the COVID-19 pandemic.  
  
  LINK: https://www.fcc.gov/document/tracfone-pay-235-million-resolve-fcc-program-violations
  
  
  
  

  Click here for details
• Government Actions:

  Government Action: BBB reports on known government actions involving business’ marketplace conduct:

  In the Matter of TracFone Wirless Inc. File Nos.: EB-TCD-22-00033630; EB-TCD-23-00034682 CD Acct. No.: 202432170006 FRN: 0006855639
  

  As of July 22, 2024

  TRACFONE TO PAY $16 MILLION TO SETTLE FCC INVESTIGATIONS INTO CARRIER’S DATA PROTECTION AND CYBERSECURITY PRACTICES

  Settlement Includes Comprehensive Terms Addressing API and Data Security Vulnerabilities Following Enforcement Bureau Investigations of Three Data Breaches
    --
  WASHINGTON, July 22, 2024—The Federal Communications Commission today announced a settlement with TracFone Wireless to resolve investigations into whether TracFone failed to reasonably protect its customers’ information from unauthorized access in connection with three data breaches.  
  
  The underlying data breaches involved exploitation of application programming interfaces (APIs).  APIs allow different computer programs or components to communicate with one another.  Among other things, numerous APIs can be leveraged to access customer information from websites.  The settlement, formally called a Consent Decree, includes terms aimed at strengthening TracFone’s API security.  This is critical because APIs are ubiquitous, and thus are a common attack vector for threat actors.   

  TracFone is a telecommunications carrier that offers services through multiple brands, such as Straight Talk, Total by Verizon Wireless, and Walmart Family Mobile.  TracFone is a wholly-owned subsidiary of Verizon Communications, which acquired the company in November 2021.  Between January 2021 and January 2023, TracFone experienced three data breaches.  The breaches resulted in the unauthorized access to and exposure of customers’ proprietary information (PI), including certain customer proprietary network information (known as CPNI) and personally identifiable information (known as PII), as well as numerous unauthorized port-outs.
  
  The failure to reasonably secure customers’ proprietary information violates a carrier’s duty under Section 222 of the Communications Act and also constitutes an unjust and unreasonable practice in violation of Section 201 of the Act.  It is also a violation of Section 222 of the Communications Act to impermissibly use, disclose, or permit access to individually identifiable CPNI without customer approval.  The Commission has made clear that it expects telecommunications carriers to take “every reasonable precaution” to protect their customers’ proprietary or personal information.  The Commission has also adopted rules that require carriers to take reasonable measures to discover, report, and protect against attempts to access CPNI without authorization.

  In addition to a $16 million civil penalty, the Consent Decree includes:
  •    a mandated information security program, with novel provisions to reduce API vulnerabilities in ways consistent with widely-accepted standards, like those identified by the National Institute of Standards and Technology (NIST) and the Open Worldwide Application Security Project (OWASP);
  •    Subscriber Identity Module (SIM) change and port-out protections;
  •    annual assessments, including by independent third parties, of its information security program; and
  •    privacy and security awareness training to employees and certain third parties.  

  Today’s action follows the Commission’s issuance of nearly $200 million in fines against the nation’s largest wireless carriers for illegally sharing access to customers’ location information without consent and without taking reasonable measures to protect that sensitive information against unauthorized disclosure.

  Today’s settlement, formally called a Consent Decree, is available at: https://www.fcc.gov/document/eb-settles-tracfone-following-three-data-breaches.

  LINK: https://www.fcc.gov/document/tracfone-pay-16m-settle-data-cybersecurity-investigation
  
  

   

  Click here for details