What you might want to know
- The FCC fined AT&T $13 million for a cloud safety failure that uncovered delicate buyer information final yr, equal to a payment of about $1.46 per buyer uncovered.
- In 2023, a former AT&T cloud vendor was hacked, compromising information for 8.9 million prospects.
- The seller was presupposed to delete buyer information after it was not wanted however held onto it for years, resulting in the breach.
The Federal Communications Fee has slapped AT&T with a $13 million high quality over a cloud safety slip-up that led to a knowledge breach final yr, leaving prospects’ delicate private data uncovered to exterior events.
In 2023, a former AT&T cloud vendor was hacked, exposing the information of 8.9 million prospects. The FCC’s press launch (by way of Ars Technica) says AT&T didn’t do sufficient to guard buyer data.
AT&T handed over buyer information to the seller between 2015 and 2017 to create personalised video content material. The shopper data was presupposed to be returned or deleted as soon as it was not essential—one thing that ought to have been executed lengthy earlier than the breach occurred.
Their contract required AT&T to verify the information was securely deleted by 2018. Nevertheless, the seller held onto the information for years, which finally led to the 2023 breach.
The FCC acknowledged that AT&T not solely dropped the ball on ensuring the seller safeguarded buyer information but in addition didn’t comply with up to make sure it was returned or deleted.
Fortunately, the breached information didn’t embody delicate data like passwords, Social Safety numbers, or bank card particulars. Most of what was uncovered associated to buyer accounts, like billing balances.
As a situation of the settlement, AT&T has vowed to strengthen its information administration practices and arrange clear protocols for safeguarding buyer data. These enhancements are anticipated to be fairly expensive, seemingly exceeding the $13 million high quality.
Though the 2023 information breach was a serious occasion, it wasn’t AT&T’s first run-in with such points. Final April, the corporate needed to reset passwords for round 73 million prospects after their credentials had been discovered on the darkish net. This incident sparked a flurry of class-action lawsuits from affected prospects.
In July, the provider revealed that a big chunk of its prospects’ telephone and textual content data was compromised in an information breach linked to the cloud platform Snowflake. The fallout additionally affected prospects of AT&T-owned networks like Cricket Wi-fi and different carriers that use AT&T’s infrastructure.