Hello fellow techs,

Recently we had a (now ex) member of the sub that submitted a post and it had a link to a spreadsheet that had 41,000 technician names, city & state, amount of completed jobs, ratings and your FN ID.

Luckily, I member of our sub notified the MOD team about the data breach and the post was immediately removed and the member is now permanently banned from the sub. This same member had a different post removed last week that hinted that FN was being acquired by a capitol fund. I removed that post shortly after and warned the member regarding what is acceptable to post.

U/PatchWombat notified FN regarding the data breach and worked with FN to identify the user. Turns out the user was a previous buyer and had abused his account privileges to generate the spreadsheet. HIs account has been officially closed by FN. Today Patch got the following official response from FN that I will post unedited except to protect Patch’s real name and the name of the FN rep.

Hi Patch, Here is a breakdown of what happened and how we handled it. Most of this info you already know and had a part in but just want to give a full view from begging to end : We were notified via two reports from two providers that a Reddit post had an attached spreadsheet of providers' names, last active date, city and state, amount of jobs done, rating, and Field Nation ID. This info is viewable to all buyers on the platform and was the only info obtained. This was not a hack but rather a previous provider who signed up as a new buyer and used the tools available to all buyers to create a spreadsheet to try to create panic and confusion. The Reddit post was removed shortly after it was posted by the page admin. We were able to track down the buyer account that posted this info and block them permanently and handle it fully and appropriately on our end. Please let me know if you have any questions at all and thank you for working with me on this. -FN Rep

First, I want to personally thank the member (who would like to stay anonymous, which I respect) of the sub that notified the MOD team of the post. Your effort is greatly appreciated!!!!

Second, I also want to thank one of our MODS u/PatchWombat for his prompt response and pushing this issue back through FN with assertiveness and professionalism.

Ok, now onto the real problem with this entire issue. The data that the ex-member/buyer posted according to FN is readily available to ANY buyer! There is a serious amount of personal private data on every technician that should be under a much tighter control. Why in the HELL is this entire data set available to just any buyer (which anyone could become a buyer in less than 30 minutes)? Why are there absolutely NO security measures in place to protect the privacy, security and personal information of the technicians?

This evening I sent emails to Mynul Khan CEO, Travis Emslander CTO and also Nicole Gode EVP of Customer Experience asking them for clarification of their security processes and an explanation of why this data set is not protected.

I also spoke to a college friend of mine who is an attorney for the DOJ in Washington DC. He stated that this is a Federal Trade Commission (FTC) issue and that they have broad jurisdiction over commercial companies like FN. He stated that the FTC could easily impose actions against FN for failure to implement and maintain reasonable data security measures. And also for failure to provide sufficient security for personal data. He has put me in contact with a member of the FTC that he has worked with on a previous case.

We are much stronger as a group versus individuals. I started this sub over 4 years ago to exchange ideas, support new techs and to add a voice to the technicians. And hopefully we can force FN to change their security practices and to protect our personal data. I would like to suggest that member of the sub to contract FN over the next few days to demand that they change their lax security processes and to respect that our personal data is PRIVATE and not accessible in such a lax method.

If I hear back from any of the executive board at FN, I will update this post. I am going to aggressively pursue this from a legal standpoint with the FTC to explore what our options are.

Be safe out there!