September 17, 2024 at 01:38PM
The FCC reached a $13 million settlement with AT&T over a 2023 data breach involving 9 million wireless accounts. The breach exposed customer information, including CPNI data. AT&T also agreed to strengthen its data protection practices and implement an Information Security Program. Additionally, AT&T faced another data breach in 2024, compromising call logs of approximately 109 million customers.
Based on the meeting notes, it is clear that AT&T is facing significant challenges in protecting customer data, leading to multiple high-profile breaches over recent years. The Federal Communications Commission (FCC) has reached a $13 million settlement with AT&T following an investigation into a data breach that occurred in January 2023, wherein customer data from approximately 9 million AT&T wireless accounts was compromised. The compromised data included Customer Proprietary Network Information (CPNI) such as first names, wireless account numbers, phone numbers, and email addresses.
It is noteworthy that AT&T has committed to improving its data governance practices as part of the settlement. The company has agreed to implement a comprehensive Information Security Program, improve its data inventory processes, ensure that vendors follow retention and disposal rules for customer information, and conduct annual compliance audits. These measures are intended to protect consumer data against similar vendor breaches in the future.
Furthermore, in July 2024, AT&T reported another significant data breach, involving the theft of call logs for roughly 109 million customers from an online database on the company’s Snowflake account. These breaches highlight the importance of ongoing efforts to bolster data security and privacy measures.
Going forward, it is crucial for AT&T to remain vigilant in safeguarding customer data, as emphasized by FCC Chairwoman Jessica Rosenworcel and Enforcement Bureau Chief Loyaan A. Egal. The company’s commitment to enhancing its data protection practices is essential in mitigating the risk of future breaches and maintaining consumer trust in the digital age.