AT&T agrees to pay $25M after data breach exposes 280,000 US customers
AT&T has agreed to pay a $25 million civil penalty to the Federal Communications Commission (FCC) related to data breaches that left 280,000 US customers at risk.
Employees at AT&T call centers in the Philippines, Mexico and Colombia accessed information without proper authorization - and some employees accessed data so they could pass along customer names, Social Security numbers and other data to third-parties.
"As the nation's expert agency on communications networks, the Commission cannot- and will not- stand idly by when a carrier's lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud," said Tom Wheeler, Chairman of the FCC.
AT&T will improve security practices, inform customers who could be affected, and pay for adequate credit monitoring services.