AT&T has agreed to pay $13 million to settle a Federal Communications Commission (FCC) investigation into a data breach that exposed the personal information of 8.9 million customers. The breach, which occurred between 2015 and 2017 due to a compromised cloud vendor, revealed customer data including the number of lines on accounts and bill balances. No Social Security numbers, passwords, or credit card information were exposed.
The FCC’s investigation determined that AT&T had not taken sufficient steps to protect customer data, leading to the breach. In response, AT&T has not only agreed to the fine but has also committed to enhancing its data governance practices. The company is focusing on improving how it handles data internally and how its vendors manage customer information to prevent future breaches.
AT&T stated that its internal systems were not directly compromised during the breach. However, the company acknowledged the need to strengthen its security protocols and will be implementing more stringent controls for vendors handling sensitive information.
FCC Chair Jessica Rosenworcel highlighted the importance of securing customer data in today’s digital age, emphasizing that companies must take extra precautions to ensure their customers’ privacy and security.
The $13 million fine and AT&T’s commitment to improving its data security serve as a reminder of the critical role telecom companies play in protecting personal information in an increasingly connected world.