FCC says employees at three AT&T call centers sold private customer data to third parties trafficking stolen cellphones.

Sarah Thomas, Director, Women in Comms

April 8, 2015

2 Min Read
AT&T Fined $25M for Privacy Violations

AT&T has agreed to pay the FCC $25 million for consumer privacy violations incurred at its call centers in Mexico, Colombia and the Philippines, a settlement the FCC says is its largest privacy and data security enforcement action to date.

The FCC's Enforcement Bureau alleges that employees at AT&T's call centers in the three countries disclosed almost 280,000 customers' names and full or partial Social Security numbers without authorization, as well as used unauthorized access to protected account-related data called customer proprietary network information (CPNI).

Three call center employees in Mexico illegally accessed this customer data and then sold it to unauthorized third parties who were trafficking in stolen cellphones and used the information to get unlock codes from the carrier. The FCC also uncovered the same issue in Colombia and the Philipines where 40 employees sold the data from 21,000 customer accounts.

The breaches occurred between November 2013 and April 2014, during which time third parties managed to submit 290,803 handset unlock requests through AT&T's online customer unlock request portal. The FCC says it launched its investigation in May 2014.

For more on mobile topics, peruse the dedicated mobile content page here on Light Reading.

In a statement on the settlement, FCC Chairman Tom Wheeler criticized AT&T for its "lax data security practice" that exposed "the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud."

AT&T said in a statement to Fierce Wireless that it would notify all affected customers of the breach. And, the FCC is requiring it to strengthen its security practices and hire a senior compliance manager who is a certified privacy professional to implement security protocols, train employees and ensure compliance.

While the data breach was the fault of AT&T vendors and nefarious employees, the onus is on AT&T to pay the fine and take responsibility for the privacy violations. Breaches like this are dangerous for consumers and harmful -- not to mention expensive -- to brands, highlighting how important it is for carriers to have a comprehensive security strategy in place for their networks, customer data and internal operations. (See AT&T's Amoroso: To Battle New Threats, Mobilize Your People and Security Suffers From 'Not My Job' Mentality .)

— Sarah Thomas, Circle me on Google+ Follow me on TwitterVisit my LinkedIn profile, Editorial Operations Director, Light Reading

About the Author(s)

Sarah Thomas

Director, Women in Comms

Sarah Thomas's love affair with communications began in 2003 when she bought her first cellphone, a pink RAZR, which she duly "bedazzled" with the help of superglue and her dad.

She joined the editorial staff at Light Reading in 2010 and has been covering mobile technologies ever since. Sarah got her start covering telecom in 2007 at Telephony, later Connected Planet, may it rest in peace. Her non-telecom work experience includes a brief foray into public relations at Fleishman-Hillard (her cussin' upset the clients) and a hodge-podge of internships, including spells at Ingram's (Kansas City's business magazine), American Spa magazine (where she was Chief Hot-Tub Correspondent), and the tweens' quiz bible, QuizFest, in NYC.

As Editorial Operations Director, a role she took on in January 2015, Sarah is responsible for the day-to-day management of the non-news content elements on Light Reading.

Sarah received her Bachelor's in Journalism from the University of Missouri-Columbia. She lives in Chicago with her 3DTV, her iPad and a drawer full of smartphone cords.

Away from the world of telecom journalism, Sarah likes to dabble in monster truck racing, becoming part of Team Bigfoot in 2009.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like