Export Compliance Daily is a Warren News publication.

AT&T Agrees to Pay $13M Fine Following Vendor Data Leak

AT&T agreed to pay $13 million and strengthen its data retention practices to settle an FCC Enforcement Bureau investigation into the integrity of the carrier’s supply chain and “whether it failed to protect the information of AT&T customers in connection with a data breach of a vendor’s cloud environment,” said a Tuesday news release from the FCC. The agency refers only to “Vendor X.” In January 2023, the vendor “suffered a data breach that exposed information” of nearly 9 million AT&T wireless customers, according to a consent decree. “AT&T failed to ensure the vendor: (1) adequately protected the customer information, and (2) returned or destroyed it as required by contract,” the FCC said. “The Communications Act makes clear that carriers have a duty to protect the privacy and security of consumer data, and that responsibility takes on new meaning for digital age data breaches,” said FCC Chairwoman Jessica Rosenworcel. Protecting customer data is a top AT&T priority, a spokesperson said in an email. “A vendor we previously used experienced a security incident last year that exposed data pertaining to some of our wireless customers,” the spokesperson said. Though AT&T systems weren’t compromised, “we’re making enhancements to how we manage customer information internally, as well as implementing new requirements on our vendors’ data management practices.”