U.S. telco's call centre staff allegedly passed private customer information to stolen handset traffickers.
AT&T will pay a $25 million fine to the U.S. Federal Communications Commission (FCC) to settle an investigation into data breaches at three offshore call centres.
The names, account-related data – known as customer proprietary network information (CPNI) – and full or partial social security numbers of some 280,000 AT&T customers were disclosed to unauthorised third parties engaged in trafficking stolen handsets or second-hand phones. The information could be used to obtain codes for unlocking handsets.
The breaches took place at call centres in Colombia, Mexico, and the Philippines between November 2013 and April 2014.
"The Commission cannot – and will not – stand idly by when a carrier's lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud," said FCC chairman Tom Wheeler, in a statement on Wednesday.
The $25 million penalty is the largest fine ever imposed by the FCC's enforcement bureau for a data breach. AT&T is also required to notify affected customers and provide credit-monitoring services for customers whose account details were breached by the Colombian and Philippine call centres. It must also appoint a certified privacy professional as a compliance manager to improve its data security practices.
Source: Total Telecom
Read Original Article
