The company has agreed to pay a $1.5 million fine to settle a Federal Communications Commission investigation into a data breach that exposed personal information from over 237,000 customers. Reuters reports that the FCC announced the settlement on Monday, ending an investigation into how the company’s vendor mishandled customer data. The breach occurred at Financial Business and Consumer Solutions (FBCS), a debt collection agency that the company used until 2022. FBCS suffered a data breach in 2024 that compromised personal information belonging to the company’s internet, TV, and home security customers.
The breach was publicly disclosed in August 2024. However, the vendor had already filed for financial collapse before the incident came to light. Under the settlement agreement, the company must implement a comprehensive compliance plan designed to strengthen vendor oversight practices. The new requirements focus specifically on protecting customer privacy and ensuring information security across all third-party vendors that handle sensitive data. This step aims to prevent similar incidents from occurring in the future.
The company stated that it was not responsible for the breach and has not admitted any wrongdoing, emphasizing that its own systems were not compromised during the incident. The company said FBCS was required to follow strict security standards and meet all vendor security rules, Reuters reported. Despite this, the company acknowledged the importance of the settlement in moving forward. “We remain committed to continually strengthening our cybersecurity policies and protections to safeguard customer data,” the company said in a statement.
Reuters expressed its dedication to maintaining robust security measures that protect its millions of customers. The settlement shows that regulators are paying closer attention to how big telecom companies handle customer data through outside vendors. With data breaches becoming increasingly common, regulators like the FCC are imposing stricter requirements on companies to oversee their vendors’ security practices.
This case serves as a reminder that companies remain accountable for protecting customer information, even when a breach occurs at an external vendor. The $1.5 million fine and the mandated compliance plan underscore the regulatory focus on third-party security risk management in the telecommunications sector. This action sets a precedent for how major corporations will be expected to monitor and enforce privacy standards among their business partners moving forward.
Reference:
