Phone Book Full Disclosure

The following story is all over the local media. From the Hagerstown (MD) Herald-Mail, which broke the story:

A mistake by Verizon that led to the printing of about 12,500 unlisted or nonpublished telephone numbers and corresponding addresses in a telephone book has prompted fear and anger in some of those affected...

In March, Verizon inadvertently sold the numbers to Ogden Directory Inc. for publication in the phone book...

The phone books were in the process of being distributed by the post office, but Ogden officials last week asked that distribution be halted after the problem was discovered.

[T]he publication of the phone numbers can be rectified by Verizon providing new numbers, but the damage caused by publishing addresses is irreversible.

If you need examples why this is a big deal, please read the article.

When I heard this story yesterday, I thought: "I would not have known about this if the local media did not report it." I wondered if it would have been more appropriate for Verizon and Ogden to have mailed each of the 12,500 people affected. By openly broadcasting this story, the very sorts of undesirable people who would want access to the unlisted and nonpublished numbers now have a much higher chance of learning of this disclosure.

Now I think a quiet disclosure strategy would not have worked. More than one person receiving such a letter would have publicly complained to the authorities or press, and we would be in the current situation. That's probably what happened in this case, minus the letters of notification.

There doesn't appear to be a good answer to this problem. Because those affected by the disclosure have so few options (change phone numbers and relocate), and the latter option is so burdensome, I doubt the benefits of the disclosure (warning those affected) outweighs the costs (greater awareness on the part of evil-doers).

By the way, I'm reporting my thoughts here because all of the notification damage has already been done.


Anonymous said…
When I was living in the area, I was charged extra to have an unlisted number.

Clearly those affected by this breach deserve some finanical compensation in addition to an apology.

Popular posts from this blog

Zeek in Action Videos

MITRE ATT&CK Tactics Are Not Tactics

New Book! The Best of TaoSecurity Blog, Volume 4