LAWSUITS NEWS & LEGAL INFORMATION
AT&T to Pay $25M to Settle Massive Data Breach Lawsuit
This is a settlement for the Media/Telecom lawsuit.
New York, NY: AT&T will pay $25 million to resolve claims the phone carrier failed to adequately safeguard personal data of approximately 300,000 customers. The Federal Communications Commission (FCC) announced the settlement of its data breach lawsuit this week. The data was stolen from call centers in Mexico, Colombia and the Philippines.
According to the FCC, employees at call centers used by AT&T in the three countries accessed records belonging to roughly 280,000 U.S. customers without authorization (Getty). Those records were accessed without authorization, in order to obtain names, full or partial Social Security numbers and other protected account-related data. Those data are also known as customer proprietary network information, which require requests for handset unlock codes for AT&T mobile phones.
The FCC alleged in its complaint, that the call center employees then provided that data to unauthorized third parties, which included an entity that went by the alias El Pelon in Mexico, who appeared to have been trafficking in stolen or secondary market phones that they wanted to unlock. That entity allegedly used the information to make more than 290,000 unlock requests through AT&T's website.
In addition to the $25 million penalty for the alleged violations of Sections 222 and 201 of the Communications Act, AT&T will must also improve its privacy and data security practices by appointing a senior compliance manager who is a certified privacy professional, conducting a privacy risk assessment, implementing an information security program, preparing an appropriate compliance manual and regularly training employees on the company' privacy policies and the applicable privacy legal authorities, the FCC said.
Published on Apr-8-15
According to the FCC, employees at call centers used by AT&T in the three countries accessed records belonging to roughly 280,000 U.S. customers without authorization (Getty). Those records were accessed without authorization, in order to obtain names, full or partial Social Security numbers and other protected account-related data. Those data are also known as customer proprietary network information, which require requests for handset unlock codes for AT&T mobile phones.
The FCC alleged in its complaint, that the call center employees then provided that data to unauthorized third parties, which included an entity that went by the alias El Pelon in Mexico, who appeared to have been trafficking in stolen or secondary market phones that they wanted to unlock. That entity allegedly used the information to make more than 290,000 unlock requests through AT&T's website.
In addition to the $25 million penalty for the alleged violations of Sections 222 and 201 of the Communications Act, AT&T will must also improve its privacy and data security practices by appointing a senior compliance manager who is a certified privacy professional, conducting a privacy risk assessment, implementing an information security program, preparing an appropriate compliance manual and regularly training employees on the company' privacy policies and the applicable privacy legal authorities, the FCC said.
Legal Help
If you have a similar problem and would like to be contacted by a lawyer at no cost or obligation, please fill in our form.Published on Apr-8-15
READ MORE Internet/Technology Settlements and Legal News
READ MORE Media/Telecom Settlements and Legal News
READER COMMENTS
vickie smith
on
LINDA TOLBERT
on
Cynthia Quinn
on
Toni Kirkland kirkendoll
on
DanRich
on
KASHA DAVIS
on
PLEASE CONTACT ME THANKS..
Cynthia
on
Reginald Lewis
on
Theresa hiesener
on