AT&T to pay $13 million settlement for data breach
AT&T has agreed to pay $13 million to resolve a Federal Communications Commission (FCC) investigation into whether the telecom giant failed to protect customer information in connection with a data breach last yea.
The investigation centered on a January 2023 incident where hackers infiltrated the cloud environment of an AT&T vendor and stole exposed data belonging to nearly 9 million wireless customers. The FCC's probe focused on how AT&T's privacy, cybersecurity and vendor management practices may have played a role in this incident.
AT&T — which reported nearly $30 billion in earnings last quarter — agreed to the $13 million settlement and entered into a consent decree that requires the telecommunications giant to “strengthen” its data governance practices, “increase its supply chain integrity” and ensure that there are procedures around the handling of sensitive data.
Before the cyberattack, AT&T relied on a third-party vendor to host customer data. The user information exposed in the hack, including the number of lines on a customer's account and billing information from 2015 through 2017, should have been deleted well before the breach, according to the FCC.
Comments ()