FCC slaps AT&T with $25 million fine for data breach

(Image Credit: iStockPhoto/BanksPhotos)

Employees of AT&T's call centres were found to have illegally taken the personal information of almost 280,000 customers following an investigation by the FCC's Enforcement Bureau. As such, the regulator has fined the telecommunications giant with a $25 million fine for unauthorised use of customer data.

“As the nation's expert agency on communications networks, the Commission cannot — and will not — stand idly by when a carrier’s lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud,” said FCC Chairman Tom Wheeler.

He continues: “As today’s action demonstrates, the Commission will exercise its full authority against companies that fail to safeguard the personal information of their customers.”

AT&T must alert all affected customers and provide credit monitoring services

The call centers - based in Mexico, Colombia, and the Philippines - stole names, social security numbers, and account info without authorisation. This information was then used to request unlock codes provided to an underground network dealing with stolen handsets that would otherwise be rendered useless.

“Consumers trust that their phone company will zealously guard access to sensitive personal information in customer records,” said Travis LeBlanc, Chief of the Enforcement Bureau.

LeBlanc continues: “Today’s agreement shows the Commission’s unwavering commitment to protect consumers’ privacy by ensuring that phone companies properly secure customer data, promptly notify customers when their personal data has been breached, and put in place robust internal processes to prevent against future breaches. We hope that all companies will look to this agreement as guidance.”

In addition to the fine, AT&T must alert all affected customers and provide credit monitoring services for those included in breaches in both Colombia and the Philippines. It must also appoint a senior compliance manager to keep an eye on things and file regular security reports with the FCC.

The investigation was launched in May 2014 to look at the circumstances regarding a 168-day breach which took place between November 2013 and April 2014. Three employees were found to have been paid by a third party to obtain sensitive information in order to carry-out illegal unlocking activities through AT&T's online unlock portal.

Do you think AT&T's $25 million fine by the FCC is fair? Let us know in the comments.

 
Related Stories

Leave a comment

Alternatively

This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.