FCC: AT&T to pay $25 million fine for ‘lax data security practices’

By Chad Hemenway on April 8, 2015

AT&T has agreed to a $25 million fine from the Federal Communications Commission, the largest privacy and data security enforcement action ever by the agency, to end an investigation into data breaches that exposed the personal information of nearly 280,000 US customers.

The breach happened in 2013 and 2014 at AT&T call centers in Mexico, Colombia, and the Philippines, said the FCC. Employees at these call centers accessed customer records containing names, full or partial Social Security numbers and protected account-related data, according to findings by the FCC’s Enforcement Bureau.

“As the nation’s expert agency on communications networks, the Commission cannot–and will not–stand idly by when a carrier’s lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud,” said FCC Chairman Tom Wheeler, in a statement. “As today’s action demonstrates, the Commission will exercise its full authority against companies that fail to safeguard the personal information of their customers.”

The employees obtained information used to unlock cellphones and handed it over to third parties, which had provided lists of names and paid the employees for the information.

The FCC said AT&T will notify every customer of the data breach and pay for credit monitoring services for affected customers in Colombia and the Philippines. The telecommunications company will also need to improve its privacy and data security practices, train employees on the company’s privacy policies, appoint a senior compliance manager and conduct in-house assessments of an implemented information-security program.

“Today’s agreement shows the Commission’s unwavering commitment to protect consumers’ privacy by ensuring that phone companies properly secure customer data, promptly notify customers when their personal data has been breached, and put in place robust internal processes to prevent against future breaches,” said Travis LeBlanc, chief of the Enforcement Bureau, in the statement. “We hope that all companies will look to this agreement as guidance.”

Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalism experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824.