Security News > 2023 > January > No more holidays for US telcos, FCC is cracking down

In Brief The Federal Communications Commission plans to overhaul its security reporting rules for the telecom industry to, among other things, eliminate a mandatory seven-day wait for informing customers of stolen data and expand the definition of what constitutes an incident.

In a unanimous 4-0 vote, the FCC published a notice of proposed rulemaking that Chairwoman Jessica Rosenworcel said is sorely overdue, as the current rules are more than 15 years old.

"The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements," Rosenworcel said.

The FCC also admitted in the proposal that its focus in the original breach reporting rules implemented in 2007 was too narrow - it only accounted for breaches involving pretexting crimes that involve impersonating someone to forcibly gain access to secure data.

The data stolen included "Basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and IP addresses."

The suit is seeking a jury trial to squeeze damages and restitution out of LastPass for a nationwide class that includes any LastPass users who had data stolen in the breach.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/01/08/in_brief_security/