AT&T to pay $13 million over 2023 vendor data breach

1 month ago 5

The FCC said that the mandatory changes in the settlement's terms will likely require AT&T to make significant investments that far exceed the $13 million fine.

WASHINGTON — AT&T has agreed to a $13 million settlement to resolve an investigation into a data breach in January 2023, the Federal Communications Commission announced Tuesday. 

The breach involved a cloud environment operated by a vendor contracted by AT&T to generate and host personalized billing and marketing videos for AT&T customers. According to the FCC, AT&T failed to ensure that the vendor adequately protected customer information and properly disposed of it as required by their contract. The data breach happened years after the vendor's contract with AT&T had ended. 

"The Communications Act makes clear that carriers have a duty to protect the privacy and security of consumer data, and that responsibility takes on new meaning for digital age data breaches," FCC Chairwoman Jessica Rosenworcel said in a statement. “Carriers must take additional precautions given their access to sensitive information, and we will remain vigilant in ensuring that’s the case no matter which provider a customer chooses.”

As part of the settlement, AT&T will make significant security upgrades to enhance the tracking of customer data, implement stricter vendor controls and oversight, and conduct annual compliance audits. 

The FCC said that the mandatory changes in the settlement's terms will likely require AT&T to make significant investments that far exceed the $13 million fine. 

This settlement follows a similar agreement reached with Verizon on behalf of TracFone in July 2024. 

In April, the FCC leveraged nearly $200 million in fines against wireless carriers for illegally sharing customers’ location data without their consent, including a $57 million fine for AT&T. 

Read Entire Article