Who pays the bill if your phone line gets hacked?

Arlene Howard’s phone bill said she made a bunch of calls to Cuba, which she didn’t. Her service provider, Charter Communications, acknowledged that her office line must have been hacked.

But it still demanded that she pay thousands of dollars to cover the cost of the bogus calls.

To which all telephone customers should rightly respond: Say what?!

You probably didn’t know this – I didn’t – but buried deep within the fine print of Spectrum’s terms of service for business and residential landlines is a provision that the customer, not the company, is responsible for any fraudulent use of the phone service.

I found similar provisions tucked away in AT&T’s and Frontier Communications’ terms.

You get hacked, you pay.

And that, of course, is nuts. It’s not your handset, after all, that’s being hacked. In most cases, it’s the telecom company’s network. Why should the customer be left holding the bag for a corporate security lapse?

“It’s frustrating,” said Christine Mailloux, staff attorney with the Utility Reform Network, a San Francisco advocacy group. “The companies will come up with a mumbo-jumbo, gobbledygook explanation for how it’s the customer’s responsibility. But it’s hard to see how these contracts are defensible.”

Hello, Cuba

Howard owns a small PR firm. She relies on Charter’s Spectrum – formerly Time Warner Cable – for her office’s phones, internet connections and TV service. Her typical bill runs about $1,200 a month.

In January she received a bill that included nearly $6,400 in charges for international calls. Howard contacted Spectrum to ask what was going on.

“They said it was for all the calls I made to Cuba,” she told me. “I told them I didn’t make any calls to Cuba.”

Spectrum looked into things and acknowledged that Howard’s phones must have been hacked. Yet, because the company is so big-hearted, a service rep said, Spectrum would hold Howard responsible for only half the charges, or about $3,000.

“What do you mean half?” Howard replied. “I was hacked. This is your responsibility.”

This is where Spectrum pointed her to the service contract for business customers. It says that “the customer is solely responsible for prevention of unauthorized, unlawful or fraudulent use of or access to services.”

Read the fine print

The fine print of the contract for residential customers is even more explicit. It says that the customer is “responsible for any fraudulent or unauthorized use of the voice service that occurs through the subscriber’s account regardless of who is responsible for such usage.”

It also says that “the subscriber shall be solely responsible for payment of all applicable charges … even where calls are originated by fraudulent means either from the subscriber’s premises or from remote locations.”

Think about that. A hacker in Russia could run up crazy charges on your phone, and it’s your responsibility to pay the bill.

AT&T and Frontier aren’t much better. Their contracts specify that customers are responsible for all fraudulent charges that accrue prior to a hack being reported to the companies – which in most cases would be all charges, because you wouldn’t know you’ve been hacked until your bill arrived weeks later.

It looks like wireless customers are generally spared such manhandling. AT&T’s wireless contract, for instance, says that “you’re not liable for charges you did not authorize.”

Spectrum’s stance is that it was Howard’s internal phone system, not Spectrum’s network, that was hacked, so none of this is the company’s fault. The company apparently was nervous enough about my asking questions that it informed Howard it would reduce her outstanding bill by $500.

Not industry standard

A telecom industry insider, requesting anonymity in return for telling the truth, told me that most phone companies insert these noxious you-pay-for-fraud provisions in their contracts to prevent customers from willy-nilly challenging all charges on their bill.

However, this person said, most companies won’t hesitate to write off fraudulent calls if it’s clear that the customer didn’t make them.

Debra Tortorelli, an AT&T spokeswoman, said that “if we determine that fraud has occurred on a customer’s account, we quickly reverse unauthorized charges.” Javier Mendoza, a Frontier spokesman, similarly told me that cases of fraud are reviewed “on a case-by-case basis.”

That’s good – and Charter should adopt a similar policy. However, if a phone company is flexible about such matters, it should say as much in its contract, rather than reserving the right to stick customers with bogus bills.

And if Spectrum is confident that its customer didn’t make thousands of dollars worth of international calls, which it apparently is in Howard’s case, the stand-up thing is to swallow the charges (the true cost of which undoubtedly is much less than what was billed).

Spectrum’s parent, Charter, pocketed $3.5 billion in profit last year. You now have to wonder how much of that came from strong-arming customers.

David Lazarus is a Los Angeles Times columnist. He answers consumer questions. Contact him: or @Davidlaz. Read more by Lazarus at