AT&T data breaches exposed about 280,000 US customers’ names and full or partial Social Security numbers. The breaches occurred at call centers used by AT&T in Mexico, Colombia, and the Philippines when employees accessed sensitive customer data without adequate authorization.
Those employees took payment from third parties who were apparently interested in customer names and Social Security numbers so they could unlock stolen cell phones for sale on secondary markets, the FCC said.
The investigation found that three call center employees in Mexico accessed more than 68,000 accounts without authorization, so the third parties could submit more than 290,000 unlock requests through an AT&T online portal. Over the course of the investigation into that breach, the FCC also discovered that approximately 40 company employees in the Philippines and Colombia had accessed about 211,000 customer accounts for the same illicit purposes.
As part of its settlement with the FCC, AT&T agreed to notify all customers whose accounts were improperly accessed, and to pay for credit monitoring services for those customers affected by the breaches in Colombia and the Philippines, the agency said.
The telecom also assented to improving its security practices and regularly filing compliance reports to the FCC.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now