AT&T to Pay $25 Million Penalty for Data Breaches

AT&T to Pay $25 Million Penalty for Data Breaches
Advertisement
AT&T will pay a $25 million (roughly Rs. 155 crores) fine for "lax security" at overseas call centers where employees stole personal data for mobile phone traffickers, US regulators said Wednesday.

The Federal Communications Commission announced the settlement in the case which affected some 280,000 AT&T customers.

FCC officials said the lack of security at AT&T call centers in Mexico, Colombia, and the Philippines allowed employees in those locations to steal personal information which could be used to "unlock" stolen phones.

The employees "provided that information to unauthorized third parties who appear to have been trafficking in stolen cell phones or secondary market phones that they wanted to unlock," an FCC statement said.

The breach allowed those in the scheme to get customer names, full or partial social security numbers and other data that could be used to submit an "unlock" request to the big US telecom carrier, allowing them to resell stolen devices.

The breaches exposed US victims to potential identity theft, according to the FCC, which said the settlement requires AT&T to offer credit monitoring and notifications to affected consumers.

FCC chairman Tom Wheeler said the agency "cannot and will not stand idly by when a carrier's lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud."

The FCC began a probe after learning of a 168-day data breach that took place at an AT&T call center in Mexico between November 2013 and April 2014.

During this period, three call center employees were paid by outside parties to obtain customer information that could then be used to submit online requests for cellular handset unlock codes, the FCC said.

In Mexico, some 68,000 customers had data compromised, according to investigators.

The probe later was extended to call centers in Colombia and the Philippines. In those two countries, 40 employees were able to access the confidential data and sold information on around 211,000 customers, the FCC said.

The FCC said the case represented its "largest privacy and data security enforcement action to date" and also requires AT&T to upgrade its security procedures and appoint a privacy compliance officer.

AT&T said in a statement regarding the case that it sees customer privacy as "critical."

"We hold ourselves and our vendors to a high standard. Unfortunately, a few of our vendors did not meet that standard and we are terminating vendor sites as appropriate," the company said

"We've changed our policies and strengthened our operations. And we have, or are, reaching out to affected customers to provide additional information."

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Google Questioned by Court on Patent Values in Microsoft Case
Designer Molecule Found to Reduce HIV Levels in Human Trial
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »