A senior FCC official told reporters on a conference call that these breaches resulted in an unauthorized disclosure of names and full or partial Social Security numbers and illegal access to account information of about 280,000 U.S customers of AT&T.
According to U.S. Federal Communications Commission, the employees at call centers sold hundreds of thousands of AT&T customer records, including names and Social Security numbers, to criminals who attempted to use the customer information to unlock stolen mobile phones.
AT&T said in a statement: “We are terminating vendor sites as appropriate. We’ve changed our policies and strengthened our operations.”
More than 279,000 U.S. customers of AT&T were affected by the data breaches, originating in call centers in Mexico, Colombia and the Philippines, the FCC said. In addition $25 million civil penalty levied on the No. 2 wireless carrier is the largest data security enforcement action to date.
In October, the FCC imposed a $10 million fine on telecom companies TerraCom and YourTel for consumer privacy breaches.
AT&T has “no reason to believe” that the stolen customer records were used for identity theft or financial fraud, the company said in a statement.
The FCC initiated an investigation into improper disclosure of customer information at AT&T’s Mexico call centers in May. Soon after that AT&T informed the agency of additional data breaches in Colombia and Philippines, the official said.
AT&T will notify all affected customers, will pay for credit monitoring in many cases, and hire a data security compliance manager as part of the settlement with the FCC.