ShtëpiCII/OTTelco agrees to $13M settlement with FCC

Telco agrees to $13M settlement with FCC

Publikuar më

spot_img

AT&T, a leading telecommunications company, has recently come to a $13 million settlement with the Federal Communications Commission (FCC) in light of a significant data breach that impacted around nine million of its customers. The breach, which took place in January 2023, involved the unauthorized access and sale of customer data by third-party vendors employed by AT&T.

According to the FCC’s consent decree, AT&T was found to have failed in safeguarding the confidentiality of customer proprietary information (PI) and inappropriately disclosed individually identifiable customer information without proper approval. This breach stemmed from the mishandling of sensitive personal data by AT&T’s third-party vendors who were entrusted with managing customer information, particularly Customer Proprietary Network Information (CPNI).

The vendors, hired for customer service and support, accessed CPNI data without authorization and sold it to external parties, posing a significant risk to millions of AT&T customers. This breach had far-reaching implications, as unauthorized individuals purchased the data to unlock phones for resale on the black market, contributing to a rise in SIM swapping frauds where bad actors exploit customer phone numbers for illicit gains.

In response to customer complaints and reports of suspicious activities, the FCC launched a thorough investigation into the breach. It was uncovered that AT&T’s vendors had accessed and misused CPNI data of approximately nine million customers without proper consent, in violation of FCC rules regarding CPNI protection. The investigation also highlighted vulnerabilities in AT&T’s data security practices, particularly its lack of robust oversight mechanisms for third-party vendors.

To address the findings and avoid further legal repercussions, AT&T agreed to a $13 million fine as part of the settlement with the FCC. While not admitting guilt, the company committed to implementing enhanced security measures to prevent future breaches. These measures include tighter oversight of third-party vendors, stringent access controls, and regular security audits to identify and address vulnerabilities in data management systems.

The breach not only impacted millions of AT&T customers but also raised concerns about data security and privacy among consumers. In response, AT&T has initiated customer-centric initiatives such as offering free identity theft protection services to those affected by the breach. The settlement also serves as a cautionary tale to telecommunications providers on the importance of securing customer data and maintaining vigilance in data protection practices, especially when engaging third-party vendors who handle sensitive information.

Lidhja e burimit

Artikujt e fundit

Canadians Projected to Be Defrauded of Over $569M in 2024

In 2024, Canadian banks have experienced a significant decrease in reported fraud cases compared...

US Department of Defense Finalizes Cyber Rules for Suppliers

The Department of Defense (DoD) has faced pressure to adopt a more flexible approach...

CRON#TRAP Campaign Targets Windows Machine using Weaponized Linux Virtual Machine

A recent cybersecurity campaign has caught the attention of Securonix researchers, who discovered a...

New Malware Campaign Targets Windows Users via Gaming Apps

Cybersecurity experts have recently discovered a new strain of malware, Winos4.0, that is being...

Më shumë si kjo

Canadians Projected to Be Defrauded of Over $569M in 2024

In 2024, Canadian banks have experienced a significant decrease in reported fraud cases compared...

US Department of Defense Finalizes Cyber Rules for Suppliers

The Department of Defense (DoD) has faced pressure to adopt a more flexible approach...

CRON#TRAP Campaign Targets Windows Machine using Weaponized Linux Virtual Machine

A recent cybersecurity campaign has caught the attention of Securonix researchers, who discovered a...
sqAlbanian