AT&T Gets Hit With $25 Million Fine By The FCC Over Stolen Customer Data
US major wireless carrier AT&T recently reached a $25 million settlement with the Federal Communications Commission (FCC) over customer information that was stolen from three international call centers.
The customer data was stolen from contracted call center companies located in Mexico, Colombia, and the Philippines. The data breach basically involved the unauthorized disclosure of names, social security numbers (full or partial), and other protected account information of nearly 280,000 customers in the United States.
The FCC is certainly serious in doling out punishment for the carrier. By far, this is the biggest privacy and data security related penalty ever issued by the agency. It may be with good reason -- there have been many high profile data breaches in the last few years, and customers are, quite understandably, anxious about the security of their private data.
The FCC has been busy in the last few months dealing with all sorts of data breach concerns. In October of last year, the agency issue the carrier TerraCom, as well as its affiliate YourTel America, a fine in the amount of $10 million for failing to keep customers' personal data private and protected. These recent fines should be a warning to companies that the FCC is adamant about holding them accountable for protecting consumers' private information.
As for AT&T, it has since amended its data security policies, and even put additional measures in place to protect its customers' data. The carrier has also made a move to terminate its connection with certain vendors who failed to meet its private data standards.
The FCC started investigating the breach last year in May 2014. The agency found out that the data breach in Mexico lasted for 168 days. It turned out that three call center employees were paid by third parties to steal customer data that could then be utilized to submit online requests for smartphone unlock codes. Based on the FCC's investigation, these employees accessed 68,000 accounts without the authority of the customers. The stolen data was then used to submit over 290,000 smartphone unlock requests via AT&T's online customer unlock request portal.
In the course of its investigation, the FCC also discovered data breaches in Colombia and the Philippines. An estimated 40 employees at these Colombian and Philippine call centers had accessed customers' accounts and lifted all sorts of private information. Nearly 211,000 accounts were accessed without authorization.
According to the terms of the settlement, AT&T is to make a $25 million civil payment, as well as inform all affected customers, and then pay for credit monitoring services for those accounts that were illegally accessed.