(Reuters) — The Federal Communications Commission reached a $25 million settlement with AT&T Inc. over a consumer data breach at call centers in Mexico, Colombia and the Philippines, the U.S. communications regulator said on Wednesday.
The $25 million civil penalty levied on the No. 2 wireless carrier is the largest data security enforcement action to date, a senior FCC official told reporters on a conference call.
The breaches led to unauthorized disclosure of names and full or partial Social Security numbers and illegal access to account information of about 280,000 U.S customers of AT&T, the FCC official said.
The data was used by call center employees to request handset-unlock codes for AT&T phones and shared with third parties who seem to have been trafficking stolen cell phones, the official said. The breaches occurred in 2013 and 2014.
AT&T said in a statement: "Unfortunately, a few of our vendors did not meet that standard and we are terminating vendor sites as appropriate. We've changed our policies and strengthened our operations."
In October, the FCC imposed a $10 million fine on telecom companies TerraCom and YourTel for consumer privacy breaches.
(Reuters) — AT&T Inc. informed about 1,600 customers that an employee gained unauthorized access to their personal data in August, a person familiar with the matter told Reuters, the latest in a flurry of data breaches in recent months.