Telecom giant AT&T will give American regulators $25 million after a data breach compromised personally-identifiable information pertaining hundreds of thousands of customers.
The agreement reached between AT&T and the United States Federal Communications Commission (FCC) and announced on Wednesday this week signals the largest settlement the company has ever paid to resolve a privacy case, according to the Los Angeles Times.
According to the FCC, a data breach suffered at three foreign AT&T call centers caused the names, Social Security numbers and other sensitive details belonging to nearly 280,000 United States-based customers to be affected.
The breach occurred over the course of 168-days beginning in late November, the FCC says, as three call center employees at branches in Mexico, Colombia and the Philippines systematically accessed customer records for more than 68,000 accounts that were then provided to a third-party. The FCC maintains that these records were then used to unlock mobile devices, including stolen phones, through nearly 300,000 unlock requests.
“As the nation's expert agency on communications networks, the commission cannot - and will not - stand idly by when a carrier’s lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud,” FCC Chairman Tom Wheeler said in a statement celebrating this week’s settlement.
In a statement of its own, AT&T reassured clients this week that “protecting customer privacy is critical” to the telecom.
“We hold ourselves and our vendors to a high standard,” AT&T said. “Unfortunately, a few of our vendors did not meet that standard and we are terminating vendor sites as appropriate. We’ve changed our policies and strengthened our operations. And we have, or are, reaching out to affected customers to provide additional information.”
Additionally, AT&T will appoint a privacy official as part of the settlement in order to ensure proper safeguards are applied to avoid any further breaches from occurring in the future. As of last year, AT&T no longer uses detailed customer records in order to unlock phones, the FCC told the Times.