AT&T agrees to pay $13 million FCC fine for cloud data leak

AT&T Inc. agreed to pay $13 million to settle a US Federal Communications Commission investigation into whether the telco failed to protect customer data that was stolen when a cloud provider was hacked last year.

The unnamed provider suffered a data breach in early 2023 that exposed the information of nearly 9 million AT&T Mobility customers. The data included subscriber information from 2015 to 2017 — such as the number of phone lines associated with a particular account — but not sensitive personal information such as Social Security or credit card numbers, AT&T said.

AT&T failed to secure data shared with the provider and failed to ensure that the company deleted or returned the information as required by contract, the FCC said. As part of the settlement, AT&T agreed to improve its internal practices and handling of vendor data.

In July, AT&T suffered another, much larger data breach through cloud platform Snowflake Inc. that exposed call and text metadata for nearly all of its mobile customers over several months of 2022. It also disclosed a data leak on the dark web in March that affected 73 million. customers and the disclosure of social security numbers and account access codes.

Top photo: An AT&T store in New York, U.S., Monday, Jan. 22, 2024. AT&T Inc. is scheduled to release earnings figures on January 24.

Copyright 2024 Bloomberg.