On Wednesday, the Federal Communications Commission announced it has reached a $25 million settlement with AT&T Services Inc. over allegations the phone carrier failed to protect the personal data of hundreds of thousands of customers whose personal information was compromised in a data breach that occurred between November 2013 and April 2014.
According to the FCC, the records of nearly 280,000 U.S. customers were accessed by employees at call centers used by AT&T in Mexico, Colombia and the Philippines. The information that was reportedly accessed included names, Social Security numbers and other customer proprietary network information that is required to for unlock requests for AT&T cell phones. This data was allegedly provided to unauthorized parties who may have been trafficking in stolen phones. At least two employees have reportedly confessed that they sold the information to an unauthorized third party. The third party entity reportedly used the customer information to make more than 290,000 unlock requests through AT&T’s online unlock request portal.
“To settle this matter, AT&T will pay a civil penalty of $25,000,000 and develop and implement a compliance plan to ensure appropriate processes and procedures are incorporated into AT&T’s business practices to protect consumers against similar data breaches in the future,” the data breach settlement documents state. “In particular, AT&T will be required to improve its privacy and data security practices by appointing a senior compliance manager who is privacy certified, conducting a privacy risk assessment, implementing an information security program, preparing an appropriate compliance manual, and regularly training employees on the company’s privacy policies and the applicable privacy legal authorities.”
In addition to these policy changes, AT&T will notify all customers whose accounts were improperly accessed and pay for credit monitoring services for consumers affected by the data breach. According to AT&T, there is no evidence that the data breach has caused customers’ data to be used for identity theft.
According to the FCC, the AT&T data breach settlement is the largest data security and privacy enforcement action in the agency’s history. “As the nation’s expert agency on communications networks, the Commission cannot – and will not – stand idly by when a carrier’s lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud,” FCC Chairman Tom Wheeler stated. “As today’s action demonstrates, the Commission will exercise its full authority against companies that fail to safeguard the personal information of their customers.”
The AT&T Data Breach Lawsuit is In the Matter of AT&T Services Inc., before the Federal Communications Commission.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2025 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
26 thoughts onAT&T to Pay $25M in Data Breach Settlement with FCC
Did my data get breached?
I’m now part of the dark Web. My SS # was uploaded too the dark Web. I’m like are you kidding me. And they say well no info that got out or stolen. Led too anyone s identity being stolen. I say how you figure the info was breached and from there it went from hand to hand. Three different times that I know of
I’m now part of the dark web