AT&T has no choice but to shell out some serious cash. A $25 million fine issued by the FCC to be exact, for its involvement in a large-scale cybersecurity breach that affected 280,000 customers in 2013 and 2014, Slate reports.
The FCC is making an example out of the telecommunications giant for its data breach faux pas; it’s the largest penalty to date for cracks in cybersecurity. Investigators discovered that call center employees located in Colombia, Mexico, and the Philippines leaked Social Security numbers and account information to access mobile unlock codes, which they sold to cellphone traffickers.
“As today’s action demonstrates, the Commission will exercise its full authority against companies that fail to safeguard the personal information of their customers,” said FCC Chairman Tom Wheeler in a statement.
AT&T, as part of the settlement deal, must notify all customers whose accounts were unlawfully accessed. The company also agreed to offer free credit monitoring to all who were affected. While almost 300,000 customers have fallen victim to the data breach so far, Slate adds that the investigation is still ongoing and it’s possible that the agency will discover other impacted customers.
“We are terminating vendor sites as appropriate. We’ve changed our policies and strengthened our operations,” AT&T said in a statement.
“…The Commission cannot—and will not—stand idly by when a carrier’s lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud,” Wheeler said, according to CNBC.
AT&T must pay the $25 million in 30 days.