AT&T has settled with the Federal Communications Commission (FCC) for $13 million after a data breach involving a third-party vendor exposed information from 8.9 million customers. The breach, which occurred between 2015 and 2017, compromised data such as account balances and the number of lines on customer accounts. However, no highly sensitive information like Social Security numbers or passwords was leaked.
The FCC’s investigation found that AT&T had not properly protected its customers’ data, leading to the breach. To resolve the legal issues, AT&T has agreed to pay the fine and implement stronger data management practices, particularly in its dealings with vendors who handle sensitive customer information.
The company assured its customers that its internal systems were not compromised in the breach but acknowledged the need to improve how it manages data. AT&T has also promised to strengthen its data security protocols to prevent future breaches, including imposing stricter controls on how its vendors manage information.
FCC Chair Jessica Rosenworcel noted that protecting customer data is crucial in today’s digital era, emphasizing that telecom companies have a special responsibility to safeguard the personal information they collect.
The settlement serves as a warning to other companies about the importance of securing customer data, especially when working with third-party vendors.