The FCC and AT&T have settled in the aftermath of the mobile company's 2024 data breach.
What happened
AT&T agreed to a $13 million settlement with the FCC after a data breach exposed the personal information of wireless customers. The settlement came as part of an FCC investigation into the breach, which affected both current and former customers.
As part of the agreement, AT&T must pay the fine and improve its security measures and supply chain practices to better protect customer data. AT&T managed to avoid a class action lawsuit in North Carolina by enforcing arbitration clauses.
The backstory
On April 2024 AT&T experienced a data breach affecting over 70 million customers including 7.6 million current and 65.4 million former account holders. The breach, discovered in early 2024, involved sensitive information like Social Security numbers, email addresses, mailing addresses, phone numbers, and birth dates, which were found on the dark web.
What was said
The FCC settlement document provided the following on the civil penalty and vendor oversight, “AT&T will pay a civil penalty to the United States Treasury in the
amount of $13,000,000 within thirty (30) calendar days of the Effective Date…AT&T shall engage in ongoing monitoring of Vendors’ compliance with AT&T’s data security obligations using assessments, reviews, and other oversight.”
Related: HIPAA Compliant Email: The Definitive Guide
FAQs
What is a data breach?
An incident where unauthorized individuals access and steal sensitive information from a company or organization.
How is compromised data commonly used?
Commonly used for identity theft, fraud, and selling on illicit markets.
What is the dark web?
A part of the internet not indexed by search engines is often used for illegal activities and to buy stolen data.
Kirsten Peremore
