The Federal Communications Commission (FCC) has reached a $13 million settlement with AT&T following a probe into a data breach that exposed customer information stored by a vendor’s cloud environment three years ago.

The investigation uncovered that AT&T had insufficiently monitored the vendor’s security practices, leading to a breach that compromised the personal data of 9 million wireless customers in January 2023.

Buy Me A Coffee

The breached data, known as Customer Proprietary Network Information (CPNI), included names, account numbers, phone numbers, and email addresses. Although sensitive details like credit card numbers and Social Security numbers were not exposed, the FCC emphasized that AT&T failed to ensure that the vendor followed proper data destruction protocols after the contract ended, leaving customer data vulnerable.

In response, AT&T has agreed to bolster its data security measures. The settlement requires AT&T to implement a comprehensive Information Security Program, enhance data monitoring and vendor management practices, and conduct annual compliance audits to safeguard customer data more effectively.

AT&T also faced another breach in July 2024, where attackers accessed call logs of approximately 109 million customers. While no sensitive personal information was compromised, the incident highlighted ongoing vulnerabilities in the company’s data protection protocols.

READ
FCC Launches $200 Million Cybersecurity Pilot Program for Schools and Libraries