AT&T Slapped With ‘Largest Ever’ US Data Breach Fine

AT&T has been issued with a $25 million (£16.9m) fine by the US Federal Communications Commission over a consumer data breach at call centres in Mexico, Colombia and the Philippines.

According to the FCC, the data breaches involved the unauthorised disclosure of names and full or partial Social Security numbers of 280,000 US customers. The breach also involved the unauthorised access to protected account information.

The FCC said that this is its “largest privacy and data enforcement action to date.”

Data Breach

The investigation by the FCC’s Enforcement Bureau, revealed that these data breaches occurred between November 2013 and April 2014. Staff at call centres used by AT&T in Mexico, Colombia, and the Philippines accessed customer records without authorisation.

There seems to have been a criminal issue here, as three call centre staff members also accessed other personal information that was used to request handset unlock codes for AT&T mobile phones. The staff then provided this information to “third parties, who appear to have been trafficking in stolen cell phones or secondary market phones that they wanted to unlock.”

“As the nation’s expert agency on communications networks, the Commission cannot – and will not – stand idly by when a carrier’s lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud,” thundered FCC Chairman Tom Wheeler.

“As today’s action demonstrates, the Commission will exercise its full authority against companies that fail to safeguard the personal information of their customers,” said Wheeler.

“Consumers trust that their phone company will zealously guard access to sensitive personal information in customer records,” said Travis LeBlanc, Chief of the Enforcement Bureau. “We hope that all companies will look to this agreement as guidance.”

“We are terminating vendor sites as appropriate,” AT&T was quoted by Reuters as saying in response. “We’ve changed our policies and strengthened our operations.”

But this is not the first time AT&T has struggled with security woes and data breaches.Back in June 2010, a group of hackers exploited a security hole on AT&T’s website. As a result, the group was able to get its hands on the email addresses of 114,000 owners of Apple iPads.

Last year, Andrew ‘Weev’ Auernheimer, who was imprisoned in 2013 over that breach, was set free, although not because he was found innocent of the crimes for which he was convicted.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

BNP Paribas Joins JP Morgan Blockchain Trading Network

French bank BNP Paribas becomes first European bank to join JP Morgan's blockchain-based Onyx Digital…

5 hours ago

SEC Held Off Elon Musk Enforcement ‘Due To Court Fears’

US securities regulators may have refrained from enforcement actions against Elon Musk due to discouraging…

5 hours ago

Snap Earnings Warning Triggers Tech Sell-Off

Investors spooked after Snap warns of deteriorating economic conditions, says earnings now 'below the low…

7 hours ago

Russian Operator Discounts Smartphones As Sanctions Bite

Biggest Russian mobile operator MTS begins selling discounted and second-hand smartphones as Russians hit by…

8 hours ago

Clearview AI Fined £7.5m Over Facial Recognition Data

UK Information Commissioner's Office orders controversial facial recognition firm Clearview AI to delete data it…

9 hours ago

Airbnb To Pull Out Of China Amidst ‘Pandemic Challenges’

Airbnb to pull out of China as ongoing zero-Covid policy places severe restrictions on domestic…

9 hours ago