AT&T to pay record fine
April 8, 2015AT&T will be paying $25 million (23.1 million euros) in a settlement with federal regulators for "consumer privacy violations" at call centers in Mexico, Colombia and the Philippines, US regulators announced on Wednesday.
Data breaches occurring during 2013 and 2014 affected some 280,000 US customers - most of them Spanish-speaking, the Federal Communications Commission said in a statement.
The FCC said the case is the agency's largest privacy and data security enforcement action to date.
"The Commission cannot - and will not - stand idly by when a carrier's lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud," said FCC Chairman Tom Wheeler, adding the agency will "exercise its full authority" against companies failing to safeguard the personal information of their customers.
Call center employees were paid by third parties to obtain customer information, such as names and Social Security numbers. The data was then most likely used to unlock stolen phones, the agency said.
The settlement also requires AT&T to offer credit monitoring services to affected customers, as well as take steps to upgrade its privacy and data-security practices, such as appointing a senior compliance manager.
The FCC had begun its probe after learning of a 168-day data breach at an AT&T call center in Mexico between November 2013 and April 2014. The inquiry was then extended to call centers in Colombia and the Philippines.
AT&T said it sees consumer privacy as "critical."
"We hold ourselves and our vendors to a high standard," AT&T said in a statement. "Unfortunately, a few of our vendors did not meet that standard and we are terminating vendor sites as appropriate."
The second-largest US wireless carrier added it had changed its policies and strengthened its operations.
el/hg (AP, AFP, dpa)