AT&T to pay millions over 2023 data breach
Add Axios as your preferred source to
see more of our stories on Google.
AT&T is headquartered in downtown Dallas. Photo: Ronald Martinez/Getty Images
Dallas-based AT&T has agreed to a $13 million settlement over a data breach that occurred in a January 2023, the Federal Communications Commission announced Tuesday.
Why it matters: The telecommunications industry was a top target for hackers last year, with over 80% of breaches involving cloud-stored data, per the FCC.
- At least 1 billion records have already been stolen or accessed in data breaches this year, according to TechCrunch.
The big picture: AT&T has experienced multiple breaches in recent years. The company reported in July that hackers had seized several months of call logs, affecting almost all AT&T cellphone users.
Zoom in: The FCC's investigation of the January 2023 breach found that AT&T should have done a better job of protecting customer data shared with vendors.
- AT&T customer information was stolen from a vendor the company previously used to generate personalized video content, such as billing and marketing videos for customers. The breach happened years after they had ended their contract.
- The FCC says AT&T failed to ensure the vendor adequately protected customer information and failed to make sure that the vendor returned or destroyed the information as required by their contract.
The other side: The breach included the number of phone lines on accounts — not credit card information, Social Security numbers or passwords, AT&T told Axios in a statement Tuesday.
- "Though our systems were not compromised in this incident, we're making enhancements to how we manage customer information internally, as well as implementing new requirements on our vendors' data management practices," the company said.
The latest: AT&T has also agreed to improve its data practices and oversight over sensitive data given to vendors. The company plans to conduct compliance audits annually, too.
- "Carriers have a duty to protect the privacy and security of consumer data, and that responsibility takes on new meaning for digital age data breaches," FCC Chair Jessica Rosenworcel said in a statement.
Reality check: Given its large customer base and extensive use of vendors, AT&T will likely spend far more than its civil penalty on the improvements, the FCC says.
Zoom out: The commission also fined AT&T $57 million in April for "failing to reasonably protect its customers' location information."