AT&T Settles $13M FCC Investigation Over Data Breach
On September 17, 2024, the Federal Communications Commission (“FCC”) announced a $13 million settlement with AT&T, resolving an investigation by the FCC’s Enforcement Bureau into whether AT&T failed to adequately protect customer information during a data breach involving one of its vendors.
Background
AT&T hired a third-party vendor to create and host personalized videos for its customers, including billing and marketing content. The contract stated that the vendor had to return or destroy customer data when it was no longer needed. However, AT&T did not enforce this requirement and failed to ensure that the vendor handled customer information properly.
In January 2023, threat actors exfiltrated AT&T customer information from the vendor’s cloud database, bringing to light concerns about the company’s privacy and security practices. The FCC’s investigation examined whether AT&T failed to protect customer information and whether its practices around cybersecurity, privacy, and vendor management were reasonable in light of the breach.
Settlement and Consent Decree
As part of the settlement, AT&T has entered into a Consent Decree with the FCC. In addition to the $13 million civil penalty, the Consent Decree commits AT&T to bolstering its data governance practices, with a focus on supply chain integrity and improving its processes for handling sensitive data.
The aim is to ensure that AT&T, as well as its vendors, take the necessary precautions to safeguard customer information and prevent similar breaches in the future.
Key Reforms in AT&T’s Privacy and Data Security Practices
The Consent Decree’s expansive consumer privacy and data protection terms include requirements to:
- Enhance tracking of customer data as part of a data inventory program;
- Require vendors to adhere to retention and disposal obligations; • Implement multifaceted vendor controls and oversight;
- Implement a comprehensive Information Security Program to include broad customer data protections; and
- Conduct annual compliance audits.
These “Consumer Privacy Upgrades” are designed to address the vulnerabilities that led to the breach and will likely require AT&T to make considerable investments into its data security infrastructure. Implementation and compliance will be monitored by the FCC.
The FCC’s Broader Focus on Privacy and Data Protection
The settlement highlights the FCC’s commitment to holding carriers accountable for the actions of their vendors. Enforcement Bureau Chief Loyaan A. Egal echoed this sentiment, stating that the settlement sends a strong message “(T)hat the Enforcement Bureau will not hesitate to take action against service providers that choose to put their customers’ data in the cloud, share that data with their vendors, and then fail to be responsible custodians of that data.”
FCC Chairwoman Jessica Rosenworcel emphasized the role of carriers in protecting customer data, saying that “The Communications Act makes clear that carriers have a duty to protect the privacy and security of consumer data, and that responsibility takes on new meaning for digital age data breaches.”
In 2023, Chairwoman Rosenworcel had established the Privacy and Data Protection Task Force, a working group focused on the rulemaking, enforcement, and public awareness needs in the privacy and data protection sectors, including vulnerabilities involving third-party vendors that service regulated communications providers.
Conclusion
The FCC’s settlement with AT&T marks a significant step in addressing the complex challenges of data security and vendor oversight in the telecommunications sector. This settlement sets an important precedent for other telecommunications companies to follow and highlights the need for enhanced security practices across the industry.
You can read the consent decree here: In the Matter of AT&T Services Inc.
Reach Out
Don’t hesitate to reach out to us to discuss your specific needs. Our team is ready and eager to provide you with tailored solutions that align with your firm’s goals and enhance your digital marketing efforts. We look forward to helping you grow your law practice online.
Our Services:
Blog Post Writing
We do well-researched, timely, and engaging blog posts that resonate with your clientele, positioning you as a thought leader in your domain. Content Writing: Beyond blogs, we delve into comprehensive content pieces like eBooks, whitepapers, and case studies, tailored to showcase your expertise.
Website Content Writing
First impressions matter. Our content ensures your website reflects the professionalism, dedication, and expertise you bring to the table.
Social Media Management
In today’s interconnected world, your online presence extends to social platforms. We help you navigate this terrain, ensuring your voice is consistently represented and heard.
WordPress Website Maintenance
Your digital office should be as polished and functional as your physical one. We ensure your WordPress site remains updated, secure, and user-friendly.
For more information, ad placements in our attorney blog network, article requests, social media management, or listings on our top 10 attorney sites, reach out to us at seoattorneyservices@gmail.com.
Warm regards,
The Personal Injury Attorney Costa Mesa Team
AD SPACE FOR RENT
Source link







