FCC slaps AT&T with $25 million fine over customer data breach
AT&T and the Federal Communications Commission are already at odds over the net neutrality debate, but a newly revealed customer data breach has only heightened the tension.
The federal agency leveled a $25 million fine this week against the telecommuncations giant in response to a data breach affecting roughly 300,000 customers.
That data included both names and Social Security numbers.
However, whereas many recent data security breaches in recent headlines have been suspected or alleged to have been committed by outside forces and hackers, this one happened at the hands of employees in AT&T's own customer service call centers in Mexico, Colombia and the Philippines.
"Protecting customer privacy is critical to us. We hold ourselves and our vendors to a high standard," said AT&T spokesperson Fletcher Cook in a statement provided to ZDNet on Wednesday. "Unfortunately, a few of our vendors did not meet that standard and we are terminating vendor sites as appropriate. We've changed our policies and strengthened our operations. And we have, or are, reaching out to affected customers to provide additional information."
At least three call center employees in Mexico had unauthorized access to more than more than 68,000 accounts alone, according to CNBC. The information was illegally gathered over several months between 2013 and 2014, later sold to a third party.
The New York Times highlighted that pool of stolen data was used to submit 290,803 unlock requests on mobile phones through AT&T's website.
AT&T reported those incidents to the FCC last year, followed up the additional discoveries in the Philippines and Colombia alerted to the Commission this year.