AT&T to pay US$25mil penalty for call centre data breaches

  • TECH
  • Thursday, 09 Apr 2015

PAYING THE PRICE: The FCC said the case represented its

WASHINGTON: AT&T will pay a US$25mil (RM90.61mil) fine for “lax security” at overseas call centres where employees stole personal data for mobile phone traffickers, US regulators said. 

The Federal Communications Commission announced the settlement in the case which affected some 280,000 AT&T customers. 

FCC officials said the lack of security at AT&T call centres in Mexico, Colombia, and the Philippines allowed employees in those locations to steal personal information which could be used to “unlock” stolen phones. 

The employees “provided that information to unauthorized third parties who appear to have been trafficking in stolen cellphones or secondary market phones that they wanted to unlock,” an FCC statement said. 

The breach allowed those in the scheme to get customer names, full or partial social security numbers and other data that could be used to submit an “unlock” request to the big US telecom carrier, allowing them to resell stolen devices. 

The breaches exposed US victims to potential identity theft, according to the FCC, which said the settlement requires AT&T to offer credit monitoring and notifications to affected consumers. 

FCC chairman Tom Wheeler said the agency “cannot – and will not – stand idly by when a carrier’s lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud.” 

The FCC began a probe after learning of a 168-day data breach that took place at an AT&T call centre in Mexico between November 2013 and April 2014. 

During this period, three call centre employees were paid by outside parties to obtain customer information that could then be used to submit online requests for cellular handset unlock codes, the FCC said. 

In Mexico, some 68,000 customers had data compromised, according to investigators. 

The probe later was extended to call centres in Colombia and the Philippines. In those two countries, 40 employees were able to access the confidential data and sold information on around 211,000 customers, the FCC said. 

The FCC said the case represented its “largest privacy and data security enforcement action to date” and also requires AT&T to upgrade its security procedures and appoint a privacy compliance officer. – AFP

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3

Next In Tech News

Canada says reiterated to U.S. that it plans a digital services tax - minister
Apple has filed a patent to watch 3D content without special glasses or headset
Discord has unveiled new features and more inclusive policies
Japan to boost spending to promote local chip production - Nikkei
Take-Two beats quarterly sales and profit estimates; shares up
Ransomware hits near pre-Colonial Pipeline levels, data suggests
Discovery extends CEO contract through 2027 after AT&T deal
Amazon extends moratorium on police use of facial recognition software
Saudi Aramco to co-lead report on cyber resilience in oil industry
Fisker to supply up to 700 vehicles to UK-based Onto in 2023

Stories You'll Enjoy