FCC fines AT&T $25 million for data breach affecting 280,000 customers

After employees at its call centers swiped personal info of nearly 280,000 customers, AT&T has to pay $25 million to settle with the FCC. The fine is a result of the carrier's "consumer privacy violations" at call centers in Mexico, Colombia and the Philippines, where employees nabbed names, Social Security numbers and account info without proper authorization. Stolen data was used to request unlock codes, which were then provided to a third party dealing in stolen and "secondary market" handsets. "As today's action demonstrates, the Commission will exercise its full authority against companies that fail to safeguard the personal information of their customers," said FCC Chairman Tom Wheeler.

In addition to the hefty fine, AT&T must notify all affected customers and provide credit monitoring services for those included in the breaches in both Colombia and the Philippines. It must also appoint a senior compliance manager to keep an eye on things and file regular security reports with the FCC.


We reached out to AT&T for a word on the matter, and the company says it has already updated its policies, including cutting ties with vendors as needed. Here's the full statement:

Protecting customer privacy is critical to us. We hold ourselves and our vendors to a high standard. Unfortunately, a few of our vendors did not meet that standard and we are terminating vendor sites as appropriate. We've changed our policies and strengthened our operations. And we have, or are, reaching out to affected customers to provide additional information.