AT&T Reaches Multi-Million Dollar Settlement Related to 2023 Incident

Settlement, Money, Gavel

AT&T agrees to pay $13 million to settle the FCC investigation into a data breach affecting millions of customers, raising questions about corporate data protection practices.

At a Glance

  • AT&T to pay $13 million settlement for January 2023 data breach affecting 8.9 million customers.
  • Breach occurred at a third-party vendor, exposing account details but not Social Security numbers or credit card information.
  • Settlement includes commitment to enhance data security and vendor oversight measures.
  • FCC emphasizes carriers’ duty to protect consumer data in the digital age.

AT&T’s $13 Million Settlement with FCC

AT&T has agreed to pay $13 million to settle a federal investigation by the Federal Communications Commission (FCC) regarding a data breach that occurred in January 2023. The breach, which involved a third-party vendor, exposed the data of nearly 9 million wireless customers. This settlement highlights the growing concerns over data protection practices in the telecommunications industry.

The exposed data included account specifics such as the number of lines and billing balances from 2015 to 2017. Importantly, the breach did not reveal sensitive information like Social Security numbers, bank information, or account passwords. However, the incident has raised questions about AT&T’s data governance and vendor management practices.

FCC’s Stance on Data Protection

FCC Chairwoman Jessica Rosenworcel emphasized the critical responsibility of carriers in protecting consumer data. In a statement, she said:

“The Communications Act makes clear that carriers have a duty to protect the privacy and security of consumer data, and that responsibility takes on new meaning for digital age data breaches. Carriers must take additional precautions given their access to sensitive information, and we will remain vigilant in ensuring that’s the case no matter which provider a customer chooses.”

This statement underscores the FCC’s commitment to holding telecommunications companies accountable for data protection in an increasingly digital world.

AT&T’s Response and Future Commitments

As part of the settlement, AT&T has entered into a consent decree that requires significant improvements to its data governance, supply chain integrity, and data handling processes. The company has committed to creating a comprehensive information security program, enhancing tracking of customer data, and enforcing stricter data retention rules for third-party vendors.

AT&T’s response includes annual compliance audits and improved oversight of third-party vendors. The company will also limit access to sensitive data and enforce stricter data disposal requirements. These measures aim to prevent future breaches and strengthen the overall security of customer information.

Broader Implications for the Telecom Industry

The AT&T settlement is part of a broader focus by the FCC on cybersecurity practices within the telecommunications industry. Similar consent agreements were secured with Verizon in July 2023, indicating a trend of increased scrutiny and enforcement.

FCC Enforcement Bureau Chief Loyaan A. Egal highlighted the industry-wide implications, stating that telecom firms “have an obligation to reduce the attack surface and entry points that threat actors seek to exploit in order to access sensitive customer data.”

This settlement serves as a wake-up call for the entire telecommunications sector, emphasizing the need for robust data protection measures, especially when dealing with third-party vendors. As companies continue to collect and manage vast amounts of consumer data, the importance of stringent security protocols and vendor oversight becomes increasingly critical.

Sources:

  1. AT&T to pay $13 million to settle FCC probe over cloud data breach
  2. AT&T agrees to $13 million fine for third-party cloud breach
  3. AT&T to pay $13 million over 2023 vendor data breach
  4. AT&T Agrees to $13 Million Penalty to Settle Data Breach Investigation
  5. AT&T to pay $13 million FCC settlement for 2023 data breach
  6. AT&T Will Pay $13 Million In FCC Settlement Over Third-Party Breach