View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

AT&T walloped with $25m customer data breach fine

Pair of call centre staff sold on data to mysterious ‘El Pelon’.

By Jimmy Nicholls

AT&T has agreed to pay a $25m (£16.8m) civil penalty to settle a series of data breaches that affected 280,000 of its customers.

The attacks on the telecoms firm took place between 2013 and 2014 at its call centres in Mexico, the Philippines and Columbia, which were serving American customers.

Tom Wheeler, chairman of the US Federal Communications Commission (FCC), said: "As the nation’s expert agency on communications networks, the commission cannot – and will not – stand idly by when a carrier’s lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud.

"As today’s action demonstrates, the Commission will exercise its full authority against companies that fail to safeguard the personal information of their customers."

According to the FCC at least two AT&T staff were believed to have sold information to a third-party, known to the pair as "El Pelon".

The leakage led to more than 50,000 being used to place unlock requests through AT&T’s request portal, facilitating the trafficking of stolen mobile phones.

Under the deal AT&T must pay the fine within a month, and must also notify the customers who have been affected by the breach and take steps to improve its security.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

In a statement it said: "We’ve changed our policies and strengthened our operations. And we have, or are, reaching out to affected customers to provide additional information."

Meanwhile the FCC, which AT&T must now submit regular compliance reports to, will continue to investigate in a bid to establish whether more people have been affected.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.