AT&T Fined $25 Million in Data Breach of Offshore Call Centers
April 9, 2015
The Federal Communications Commission yesterday fined AT&T $25 million as a result of a data breach at call centers in Mexico, Colombia and the Philippines. The settlement agreement, released by the FCC yesterday, said the breaches compromised the names, Social Security numbers and other proprietary information of nearly 280,000 U.S. customers. The information was gathered by call-center employees and sold to third parties who attempted to use the information to unlock cell phones in a secondary market, according to the FCC. The fine is the largest ever levied by the agency in a data-security enforcement action.
“As the nation’s expert agency on communications networks, the Commission cannot—and will not—stand idly by when a carrier’s lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud,” said FCC Chairman Tom Wheeler. “As today’s action demonstrates, the Commission will exercise its full authority against companies that fail to safeguard the personal information of their customers.”
In addition to the fine, the FCC will require AT&T to appoint a senior compliance manager, conduct risk assessments, implement a new security program and file regular compliance reports.