AT&T fined $25 million by FCC over customer data breaches to obtain phone unlock codes


For nearly six months, between November 2013 and April 2014, off-shore call centers for AT&T accessed customer information, including social security numbers and other account data, and then sold the information to third-parties. The breaches were being made without authorization, and occurred at call centers in Mexico, Colombia, and the Philippines. In all, more than 280,000 US-based customers’ records were accessed.

It was not reported if the companies that operate these call centers serve any other US carriers. In this particular case, according to AT&T, three employees in Mexico, and another 40 at the centers in Colombia and Philippines accessed, at a minimum, names, telephone numbers, and at least the last four digits of the social security number on the account.

That data was sold to parties that would use that information to get the unlock codes for AT&T mobile phones. The FCC’s enforcement bureau initially began investigating the data breaches in Mexico, and later discovered the other problem areas during the investigation. Since it was AT&T’s responsibility to maintain Customer Proprietary Network Information (CPNI), the FCC placed the burden on the carrier as the investigation progressed.

The center in Mexico accessed about 68,000 records, from which, they determined more than 290,000 handset unlock codes were requested. In addition to paying the fine, AT&T will be notifying affected customers directly and will pay for credit monitoring services for those customers. The carrier has since canceled the contract with the Mexican center, and is taking “appropriate” action with the other vendors in Colombia and the Philippines.

source: FierceWireless

FEATURED VIDEO

6 Comments

1. joe1blue

Posts: 169; Member since: Jul 25, 2013

All I can say is WOW!

2. MikeG77

Posts: 426; Member since: Nov 24, 2008

Sorry but 25 million is not a big enough fine or punishment. I would say fire all the employees that were involved including their direct managers if they were involved and look into further legal action if applicable, provide credit monitoring for all customers effected for up to 24 months and At@t would be required to forfeit ALL net profits gained durrung the time period of Nov 2013 to Apr 2014 and all monies generated by selling customers info. That seems to be a fair solition and warm At@t that if they do it again they will lose all net profits for 6 months etc etc.

3. o0Exia0o

Posts: 903; Member since: Feb 01, 2013

Problem is, AT&T probably had no idea that this was going on and did not profit from any of what was done. The "employees" of the call centers that were selling the information and third parties that were unlocking the phones are the ones that made the profit. But AT&T is still guilty of not better securing that information and making sure that it was not used like it was. I agree that the fine was not big enough considering the infraction and AT&T's ignorance of what was going on but beyond a fine there's really nothing more that can be done unless it was proven that AT&T knew of the problem and did nothing to fix it.

4. MikeG77

Posts: 426; Member since: Nov 24, 2008

Thats why i said fire the specific employees and and direct managers who knew what was going on plus criminal charges. I'm not talking about profits that would have been made through the unlocking but instead im looking AT&T's profits as a company. Companies need to respect their customers right to privacy.

5. tacarat

Posts: 854; Member since: Apr 22, 2013

The vendors were contracted companies. I believe the companies had their contracts cut due to this issue, so you actually are asking for less than what was done. Maybe some of those jobs need to be brought back into the company rather than sent overseas to 3rd parties.

6. corporateJP

Posts: 2458; Member since: Nov 28, 2009

Carriers are idiots. Serves them right...

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.