FCC Penalizes AT&T $1.46 for Each Impacted Person in Data Breach
# AT&T Hit with $13 Million Penalty for Data Breach Affecting Cloud-Stored Customer Information
In a landmark decision, the Federal Communications Commission (FCC) has levied a $13 million penalty against telecommunications leader AT&T over a data breach that unveiled sensitive customer information kept in the cloud. The incident, which took place in 2023, affected around 8.9 million AT&T customers, raising grave concerns over the security of cloud data and data handling procedures.
## Essential Information
– **Penalty Amount**: AT&T has been penalized $13 million by the FCC due to a cloud security lapse that laid bare sensitive customer details.
– **Scope of Affected Customers**: The breach involved 8.9 million customers, leading to a fine of about $1.46 for each exposed individual.
– **Breach Origin**: The incident was associated with a previous AT&T cloud vendor that neglected to delete customer data once it was no longer necessary, contrary to the contractual agreement.
### Breach Overview: What Occurred?
The data breach transpired when a previous cloud service provider that collaborated with AT&T from 2015 to 2017 was compromised in 2023. The vendor was tasked with generating tailored video content for AT&T users, necessitating access to user data, inclusive of billing details. As per the FCC, the vendor was obligated to either purge or return the customer data upon project completion. Nevertheless, the vendor retained the data for years, ultimately resulting in the breach.
The FCC’s investigation disclosed that AT&T did not verify that the vendor adhered to the data deletion stipulations detailed in their contract. The agreement mandated that the data be securely eliminated by 2018, but AT&T did not pursue confirmation that this action had been executed. Consequently, the vendor’s inability to eradicate the data rendered it susceptible to the hack in 2023.
### Type of Exposed Information
Fortunately, the breach did not compromise highly sensitive data such as passwords, Social Security numbers, or credit card information. The affected data predominantly consisted of customer account details, including billing balances. While this may appear less critical than other forms of data breaches, it still signifies a substantial infringement on customer privacy and confidence.
### FCC’s Reaction and AT&T’s Responsibilities
The FCC’s announcement, available
Read More