- AT&T has finally reached a settlement with the FCC over a previous data breach by a third-party vendor.
- While AT&T wasn’t directly responsible, it didn’t ensure customer data was properly deleted by its vendors.
- AT&T will not only pay a $13 million fee but has also agreed to implement changes that will better protect customer data in the future.
AT&T found itself in some hot water with the FCC back in January 2023 when it was discovered that a partnering vendor had suffered a data breach involving AT&T customer information. While AT&T was not directly responsible for the breach, it allegedly failed to ensure that the vendor had destroyed the data when it was no longer needed, making AT&T liable. AT&T has now finally settled the issue with the FCC (via ArsTechnica), agreeing to pay a $13 million fine and implement stricter controls on sharing data with its vendors.
The main issue was that the data collected should have been destroyed years earlier. Even though the breach wasn’t entirely AT&T’s fault, the law requires carriers to protect customer data. Therefore, it makes sense that the carrier would be held accountable for having lax or unclear policies around how to manage shared data.