AT&T Reaches $13 Million Settlement with FCC Over 2023 Data Breach

AT&T has reached a $13 million settlement with the Federal Communications Commission (FCC) following a significant data breach that compromised the personal information of approximately nine million customers. The breach, which occurred in January 2023, involved unauthorized access and sale of customer data by third-party vendors employed by the firm.

The breach began when AT&T’s third-party vendors, responsible for managing customer data, mishandled sensitive personal information, primarily Customer Proprietary Network Information (CPNI). This information includes phone numbers, names, and service-related details. The vendors accessed this data without proper authorization and sold it to external parties, putting millions of AT&T customers at risk.

The FCC’s investigation revealed that AT&T’s vendors had accessed and misused the CPNI of around 9 million customers without proper consent. AT&T was found to have failed in adequately protecting this sensitive customer information, violating FCC rules surrounding CPNI protection.

To resolve the investigation, AT&T agreed to pay a $13 million fine to the FCC. The settlement reflects the seriousness of the breach and its potential harm to customers. AT&T has committed to implementing enhanced security measures, including tighter oversight of third-party vendors, more stringent access controls, and regular security audits.

The breach has impacted millions of AT&T customers, exposing them to risks like identity theft and financial fraud. Customers have expressed concerns over how their personal data was handled and are wary of future breaches. AT&T has initiated customer-centric initiatives, including free identity theft protection services for those affected.

The settlement serves as a warning to other telecommunications providers about the importance of securing customer data. The FCC emphasized the need for companies to be vigilant in their data protection practices, especially when working with third-party vendors handling sensitive customer information.