AT&T has been issued with a $25 million (£16.9m) fine by the US Federal Communications Commission over a consumer data breach at call centres in Mexico, Colombia and the Philippines.
According to the FCC, the data breaches involved the unauthorised disclosure of names and full or partial Social Security numbers of 280,000 US customers. The breach also involved the unauthorised access to protected account information.
The FCC said that this is its “largest privacy and data enforcement action to date.”
There seems to have been a criminal issue here, as three call centre staff members also accessed other personal information that was used to request handset unlock codes for AT&T mobile phones. The staff then provided this information to “third parties, who appear to have been trafficking in stolen cell phones or secondary market phones that they wanted to unlock.”
“As the nation’s expert agency on communications networks, the Commission cannot – and will not – stand idly by when a carrier’s lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud,” thundered FCC Chairman Tom Wheeler.
“As today’s action demonstrates, the Commission will exercise its full authority against companies that fail to safeguard the personal information of their customers,” said Wheeler.
“Consumers trust that their phone company will zealously guard access to sensitive personal information in customer records,” said Travis LeBlanc, Chief of the Enforcement Bureau. “We hope that all companies will look to this agreement as guidance.”
“We are terminating vendor sites as appropriate,” AT&T was quoted by Reuters as saying in response. “We’ve changed our policies and strengthened our operations.”
But this is not the first time AT&T has struggled with security woes and data breaches.Back in June 2010, a group of hackers exploited a security hole on AT&T’s website. As a result, the group was able to get its hands on the email addresses of 114,000 owners of Apple iPads.
Last year, Andrew ‘Weev’ Auernheimer, who was imprisoned in 2013 over that breach, was set free, although not because he was found innocent of the crimes for which he was convicted.
Are you a security pro? Try our quiz!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…