AT&T agreed to pay a $13 million fine because it gave customer bill information to a vendor in order to create personalized videos, then allegedly failed to ensure that the vendor destroyed the data when it was no longer needed. In addition to the fine, AT&T agreed in a consent decree announced today by the Federal Communications Commission to stricter controls on sharing data with vendors.
In January 2023, years after the data was supposed to be destroyed, the vendor suffered a breach “when threat actors accessed the vendor’s cloud environment and ultimately exfiltrated AT&T customer information,” the FCC said. Information related to 8.9 million AT&T wireless customers was exposed.
Phone companies are required by law to protect customer information, and AT&T should not have merely relied on third-party firms’ assurances that they destroyed data when it was no longer needed, the FCC said.
8.9 million peoples’ private info is stolen, and AT&T gets a fine of $13 million. That’s $1.46 per person.
Congrats, the identity theft that ruined your credit for nearly a decade and has you hounded by collections agents every day is worth less than tree fiddy.