AT&T has reached a $13 million settlement with the Federal Communications Commission (FCC) to resolve an investigation into a major data breach that occurred in January 2023. The breach involved a vendor’s cloud environment, which led to the exposure of data from approximately 9 million AT&T wireless accounts. This compromised information included customer names, wireless account numbers, phone numbers, and email addresses. However, the breach did not involve more sensitive personal data such as credit card details or Social Security numbers. The FCC’s probe focused on whether AT&T had adequately protected customer data and monitored the vendor’s compliance with data security protocols.
The FCC’s investigation revealed that AT&T’s vendor had failed to properly handle and destroy customer data after the contract ended, which contributed to the breach. Despite the vendor’s contractual obligation to return or destroy the data, it was found that AT&T had not effectively overseen the vendor’s adherence to these requirements. As a result, AT&T was found to have fallen short in maintaining adequate privacy and cybersecurity practices, leading to the significant settlement.
As part of the settlement, AT&T has committed to implementing a comprehensive Information Security Program to bolster its data protection efforts. This includes improving its data inventory processes to better track and manage data shared with vendors, enforcing stricter data retention and disposal policies, and conducting annual compliance audits to ensure adherence to these new requirements. The FCC emphasized that carriers must adopt stringent measures to safeguard consumer data, reflecting the growing need for robust data protection practices in the digital age.
This settlement follows a series of other data breaches faced by AT&T, including a massive incident in July 2024, where attackers stole call logs for around 109 million customers. Although the latest breach did not compromise the content of communications, it underscored the importance of securing customer information against potential threats. The FCC’s Chairwoman Jessica Rosenworcel and Enforcement Bureau Chief Loyaan A. Egal both highlighted the crucial role of telecommunications providers in reducing vulnerabilities and protecting sensitive customer data in an increasingly interconnected world.
