The FCC has announced that it will receive a settlement payment of $3.5 million from two telecommunications companies—TerraCom Inc. and YourTel America—for allegations around the companies’ failure to safeguard customers’ personal information. The companies must notify all individuals who were affected and provide credit monitoring for the affected consumers. The companies have also agreed to conduct a privacy risks assessment and implement a security program and data breach response plan.

The settlement arose out of a data breach affecting up to 300,000 individuals’ names, addresses, driver’s license numbers and other customer information on unprotected Internet servers related to applications for Lifeline, a telephone service program. According to the FCC, the information could be accessed by “anyone with a search engine.”

This settlement is a promise made good by the FCC in March when it publicly announced that it would increase enforcement action against broadband service providers for privacy and data security practices.