AT&T settles a 2023 data breach for $13M. Recent incidents are much worse.
AT&T reached a $13 million settlement with the Federal Communications Commission on Tuesday to resolve the agency’s investigation into a January 2023 third-party breach that exposed data of 8.9 million customers.
The telecom operator committed to strengthening its data governance practices and supply chain security as part of the settlement, the FCC said. AT&T is required to protect, properly dispose of and limit access to customer proprietary network information, the type of customer account data wireless operators collect for internal use and sell to third parties for marketing purposes.
“AT&T failed to ensure its vendor adequately protected that customer information,” Loyaan Egal, chief of the FCC’s enforcement bureau, said Tuesday in the consent decree. “Instead, it remained in the vendor’s cloud environment for many years after it should have been deleted or returned to AT&T and was ultimately exposed in the 2023 breach.”
AT&T’s settlement with the FCC involves a serious breach, but repeated security lapses, including a third-party breach that exposed data on nearly all of its customers, show a pattern.
AT&T said it’s no longer working with the third-party vendor involved in the January 2023 data breach, and noted the exposed data did not include credit card information, Social Security numbers or account passwords.
“Protecting our customers’ data remains one of our top priorities,” a company spokesperson said Tuesday via email.
“Though our systems were not compromised in this incident, we’re making enhancements to how we manage customer information internally, as well as implementing new requirements on our vendors’ data management practices,” the spokesperson said.
The data privacy governance improvements AT&T agreed to should have already been part of its standard process, said Zeus Kerravala, founder and principal analyst at ZK Research.
“What’s the expression, fool me once, shame on you, fool me twice, shame on me?” Kerravala said.
To read the complete article, visit Cybersecurity Dive.