AT&T and Verizon on Tuesday pledged to stop providing phone location data from cellular phone owners to data brokers following a leak of real-time location data.
The decision transpired following an investigation by Senator Ron Wyden (D-Oregon), who found that law enforcement agencies could use the data to track people without their consent. The practice is common and legally done with a search warrant.
"When these issues were brought to our attention, we took immediate steps to stop it,” Rich Young, spokesperson for Verizon, wrote in an email to Search Marketing Daily. “Customer privacy and security remain a top priority for our customers and our company. We stand-by that commitment to our customers."
In a letter released Tuesday from Verizon to Senator Wyden, the parent company of online ad firm Oath, which includes the former businesses of AOL and Yahoo, said it would end the practice of selling customer location data to vendors that aggregate the data.
Verizon would do so after discovering that brokers who purchased data did not verify whether its users had legal permission to track cell phone users through its service.
"Location data from Verizon and other carriers makes it possible to identify the whereabouts of nearly any phone in the U.S. within seconds," wrote security reporter Brian Krebs in a May blog post.
Krebs wrote that tracking firm LocationSmart leaked customer location data from all major U.S. mobile carriers — AT&T, Sprint, T-Mobile and Verizon — without consent. The New York Times broke the news on May 10.
The Verge reported that because Verizon had little oversight into two California-based data brokers — LocationSmart and Zumigo — more than 75 companies had access to real-time user location data, which the telcom carrier claims to have had no control over. That means no control of how the brokers used the data.
The media outlet also reported that AT&T followed suit later in the day.