AT&T Fined $25 million for Datasecurity Breaches

Earlier this week, the Federal Communications Commission (@FCC) hit AT&T with a $25 million fine for data security breaches. The fine was the largest ever levied by the FCC as part of a data security action.

According to the Washington Post, the breaches occurred in AT&T’s foreign call centers in Mexico, Colombia and the Philippines and resulted in the exposure of “hundreds of thousands of customer records, including names, phone numbers and some Social Security numbers.” (Source: Washington Post, “AT&T will pay $25 million after call-center workers sold customer data,” April 8, 2015).

WaPo ATT article
$25 million fine against AT&T marks the FCC’s largest data security action ever.

“As many as 279,000 AT&T customers may have been affected by the unauthorized leaks, regulators said. Those customers will receive free credit monitoring as part of the official settlement. The agreement also requires at AT&T to appoint a privacy official who will review the company’s policies and strengthen its security.” (emphasis added).

The fine is not only an indicator of the mounting and increasing costs associated with data breaches, but also a reminder of how vendors constitute a significant data security exposure: three AT&T contractors improperly used 68,000 customer records to request more than 290,000 unlock codes from AT&T.

Despite the fact that the FCC fine was the largest in its history for a data security breach, some experts called the fine inadequate. Chris Conacher, director of security research and development at cybersecurity vendor Tripwire (@TripwireInc), said the fine amounted to a “slap on the wrist” for AT&T. (Source: Computerworld, “AT&T’s data breach settlement called a ‘slap on the wrist’,” April 9, 2015).


AT&T reported revenue of $34.4 billion for the fourth quarter of 2014, alone.

It is likely that AT&T won’t feel much of an impact from this fine; however, for companies without the carrier’s vast reach, resources or balance sheet, the FCC fine is a stark reminder that data security breaches do come with a cost, and that companies would do well to sure up their defenses and choose their partners wisely when it comes to protecting their information and that of their customers.

One thought on “AT&T Fined $25 million for Datasecurity Breaches”

  1. A $25 million fine is a joke. Not only will AT&T not feel it, they made more than that selling the data. If you think AT&T did not make any money on the sale of the data, you are a fool. The second issue that is horrifically laughable is: who gets the $25 million? Certainly not the customers whose data got leaked! Of course, those customers get “free credit monitoring”. Yea! I get some other giant company with an overseas call center (that has an average on hold time of 4 hours) sending me junk mail and selling my personal and contact information to data security vendors and other related companies! Be ready for the avalanche of junk mail and robo calls!!

Leave a Reply

Your email address will not be published. Required fields are marked *