Internal Data Breach Leaves AT&T At The Mercy Of The FCC

The seemingly endless cycle of data breaches just keep on coming; the next in line is one of the largest telecommunications companies in the world, AT&T. 280,000 US customers’ social security numbers have been compromised in a massive breach that has now been identified as an internal data theft, of sorts.

Employees of AT&T affiliated call centers in Mexico, the Phillippines, and Colombia accessed and distributed sensitive customer information to unlock stolen cell phones for sale on illegitimate markets. The access to customer information was illicit and unauthorized, which has now resulted with AT&T pulling the plug on many of their global vendor sites.

After their investigation, the FCC announced that the 280,000 compromised US accounts were comprised of attacks from three employees in the Mexican call center, which accessed 68,000+ customer accounts, and more than 40 employees spanning the Phillippino and Colombian call centers accessed roughly 211,000 customer accounts.

It’s very probable that AT&T will be re-evaluating and altering many of their security policies to help ensure that a breach of this magnitude doesn’t happen again.

A civil penalty settlement of $25 million has been reached by both the FCC (Federal Communications Commission) and by AT&T. AT&T will also be forced to notify all of its customers whose data was compromised in the attack, and they will also provide complimentary credit monitoring services for the breaches in the Philippines and Colombia.

These are hardly comforting actions for customers of AT&T, but with the improvement of their security policies, as well as an agreement to regularly document their compliance reports with the FCC, customers may find peace of mind for future AT&T subscriptions.

Written by Samuel Lang