AT&T Slapped With ‘Largest Ever’ US Data Breach Fine

AT&T has been issued with a $25 million (£16.9m) fine by the US Federal Communications Commission over a consumer data breach at call centres in Mexico, Colombia and the Philippines.

According to the FCC, the data breaches involved the unauthorised disclosure of names and full or partial Social Security numbers of 280,000 US customers. The breach also involved the unauthorised access to protected account information.

The FCC said that this is its “largest privacy and data enforcement action to date.”

Data Breach

The investigation by the FCC’s Enforcement Bureau, revealed that these data breaches occurred between November 2013 and April 2014. Staff at call centres used by AT&T in Mexico, Colombia, and the Philippines accessed customer records without authorisation.

There seems to have been a criminal issue here, as three call centre staff members also accessed other personal information that was used to request handset unlock codes for AT&T mobile phones. The staff then provided this information to “third parties, who appear to have been trafficking in stolen cell phones or secondary market phones that they wanted to unlock.”

“As the nation’s expert agency on communications networks, the Commission cannot – and will not – stand idly by when a carrier’s lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud,” thundered FCC Chairman Tom Wheeler.

“As today’s action demonstrates, the Commission will exercise its full authority against companies that fail to safeguard the personal information of their customers,” said Wheeler.

“Consumers trust that their phone company will zealously guard access to sensitive personal information in customer records,” said Travis LeBlanc, Chief of the Enforcement Bureau. “We hope that all companies will look to this agreement as guidance.”

“We are terminating vendor sites as appropriate,” AT&T was quoted by Reuters as saying in response. “We’ve changed our policies and strengthened our operations.”

But this is not the first time AT&T has struggled with security woes and data breaches.Back in June 2010, a group of hackers exploited a security hole on AT&T’s website. As a result, the group was able to get its hands on the email addresses of 114,000 owners of Apple iPads.

Last year, Andrew ‘Weev’ Auernheimer, who was imprisoned in 2013 over that breach, was set free, although not because he was found innocent of the crimes for which he was convicted.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

22 mins ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

4 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

5 hours ago