x
Breaking News
More () »

AT&T to pay $13 million over 2023 vendor data breach

The FCC said that the mandatory changes in the settlement's terms will likely require AT&T to make significant investments that far exceed the $13 million fine.
Credit: AP
FILE - An AT&T sign is seen at a store in Pittsburgh, Monday, Jan. 30, 2023.

WASHINGTON — AT&T has agreed to a $13 million settlement to resolve an investigation into a data breach in January 2023, the Federal Communications Commission announced Tuesday. 

The breach involved a cloud environment operated by a vendor contracted by AT&T to generate and host personalized billing and marketing videos for AT&T customers. According to the FCC, AT&T failed to ensure that the vendor adequately protected customer information and properly disposed of it as required by their contract. The data breach happened years after the vendor's contract with AT&T had ended. 

It was a separate incident from the massive customer data breach AT&T announced in July.

"The Communications Act makes clear that carriers have a duty to protect the privacy and security of consumer data, and that responsibility takes on new meaning for digital age data breaches," FCC Chairwoman Jessica Rosenworcel said in a statement. “Carriers must take additional precautions given their access to sensitive information, and we will remain vigilant in ensuring that’s the case no matter which provider a customer chooses.”

As part of the settlement, AT&T will make significant security upgrades to enhance the tracking of customer data, implement stricter vendor controls and oversight, and conduct annual compliance audits. 

The FCC said that the mandatory changes in the settlement's terms will likely require AT&T to make significant investments that far exceed the $13 million fine. 

This settlement follows a similar agreement reached with Verizon on behalf of TracFone in July 2024. 

In April, the FCC leveraged nearly $200 million in fines against wireless carriers for illegally sharing customers’ location data without their consent, including a $57 million fine for AT&T. 

Related

Hack steals call logs from nearly every AT&T customer, company reveals

Before You Leave, Check This Out