AT&T Slapped With ‘Largest Ever’ US Data Breach Fine

AT&T has been issued with a $25 million (£16.9m) fine by the US Federal Communications Commission over a consumer data breach at call centres in Mexico, Colombia and the Philippines.

According to the FCC, the data breaches involved the unauthorised disclosure of names and full or partial Social Security numbers of 280,000 US customers. The breach also involved the unauthorised access to protected account information.

The FCC said that this is its “largest privacy and data enforcement action to date.”

Data Breach

The investigation by the FCC’s Enforcement Bureau, revealed that these data breaches occurred between November 2013 and April 2014. Staff at call centres used by AT&T in Mexico, Colombia, and the Philippines accessed customer records without authorisation.

There seems to have been a criminal issue here, as three call centre staff members also accessed other personal information that was used to request handset unlock codes for AT&T mobile phones. The staff then provided this information to “third parties, who appear to have been trafficking in stolen cell phones or secondary market phones that they wanted to unlock.”

“As the nation’s expert agency on communications networks, the Commission cannot – and will not – stand idly by when a carrier’s lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud,” thundered FCC Chairman Tom Wheeler.

“As today’s action demonstrates, the Commission will exercise its full authority against companies that fail to safeguard the personal information of their customers,” said Wheeler.

“Consumers trust that their phone company will zealously guard access to sensitive personal information in customer records,” said Travis LeBlanc, Chief of the Enforcement Bureau. “We hope that all companies will look to this agreement as guidance.”

“We are terminating vendor sites as appropriate,” AT&T was quoted by Reuters as saying in response. “We’ve changed our policies and strengthened our operations.”

But this is not the first time AT&T has struggled with security woes and data breaches.Back in June 2010, a group of hackers exploited a security hole on AT&T’s website. As a result, the group was able to get its hands on the email addresses of 114,000 owners of Apple iPads.

Last year, Andrew ‘Weev’ Auernheimer, who was imprisoned in 2013 over that breach, was set free, although not because he was found innocent of the crimes for which he was convicted.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Google Must Face Trial In Ad Tech Monopoly Case

Google loses bid for summary judgement as judge says 'too many facts in dispute' as…

3 hours ago

Silicon In Focus Podcast: Feeding the Machine

Learn how your business can meet the challenges associated with managing data across multiple platforms…

4 hours ago

Apple, Meta Likely To Face EU Antitrust Charges

Apple, Facebook parent Meta reportedly likely to face EU antitrust charges before August under new…

4 hours ago

Adobe Shares Jump On AI Success

Adobe shares post biggest gains in more than four years after it reports user take-up…

4 hours ago

Winklevoss’ Gemini To Pay $50m In Crypto Fraud Settlement

Winklevoss twins' Gemini Trust to pay $50m to settle cypto fraud claims over failed Gemini…

5 hours ago

Meta Delays EU AI Launch After Privacy Complaints

Meta delays Europe launch of AI in Europe after user, privacy group complaints over plans…

5 hours ago