The Federal Communications Commission reached a $25 million settlement with AT&T Inc over a consumer data breach at call centers in Mexico, Colombia and the Philippines, the US communications regulator said on Wednesday.
The breaches led to unauthorized disclosure of names and full or partial Social Security numbers and illegal access to account information of about 280,000 US customers of AT&T, a senior FCC official told reporters on a conference call.
The data was used by call center employees to request handset-unlock codes for AT&T phones and shared with third parties who seem to have been trafficking stolen cell phones, the official said. The breaches occurred in 2013 and 2014.
AT&T said in a statement: “We are terminating vendor sites as appropriate. We’ve changed our policies and strengthened our operations.”
The $25 million civil penalty levied on the No. 2 wireless carrier is the largest data security enforcement action to date, the FCC official added.
In October, the FCC imposed a $10 million fine on telecom companies TerraCom and YourTel for consumer privacy breaches.
The FCC launched an investigation into improper disclosure of customer information at AT&T’s Mexico call centers in May. Shortly after that AT&T informed the agency of additional data breaches in Colombia and Philippines, the official said.
AT&T has been taking steps to inform affected customers, the company said.
