September 18, 2024 at 08:24AM
AT&T has agreed to pay $13 million in a settlement with the FCC over a 2023 data breach compromising customer information. The FCC’s consent decree addresses AT&T’s failure to protect customer data and mandates investments in data protection measures. AT&T is required to limit vendor access to customer information and strengthen its data governance practices.
From the meeting notes, it is clear that AT&T has agreed to pay a $13 million settlement with the FCC over a 2023 data breach. The breach was due to a cyberattack on a third-party vendor and resulted in the compromise of customer proprietary network information (CPNI) of approximately nine million AT&T customers. The FCC announced a consent decree to resolve the investigation and AT&T will pay a civil penalty and commit to strengthening its data governance practices. AT&T is also required to limit vendor access to customer CPNI, implement a comprehensive security program, track customer data, enforce vendor controls, and conduct annual compliance audits. Additionally, the company will make significant investments in improving the protection of customer information shared with third parties.