In this era of technology, consumers are increasingly worried about protecting their private personally identifiable information. According to the Federal Trade Commission, identity theft topped the list of consumer complaints for 2014, beating out debt collection and imposter scams for the number one spot.  Companies, such as LifeLock, make a profit out of protecting consumers’ identities.

Given the importance consumers place on protecting against identity theft, the recent $25 million enforcement fine the Federal Communications Commission (FCC) has levied against AT&T makes sense. This is the largest privacy and data security enforcement action that the FCC has ever taken, and it sends a clear message that the FCC will hold companies accountable for failing to protect consumers’ information. FCC Chairman Tom Wheeler stated “As the nation’s expert agency on communications networks, the commission cannot — and will not — stand idly by when a carrier’s lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud.” In addition to the $25 million fine, AT&T has agreed to notify the affected customers, as well as pay for credit monitoring services for those customers.

The fine settles an FCC investigation into consumer privacy violations that occurred at AT&T’s contracted call centers in Mexico, the Philippines, and Colombia. Private personally identifiable information, such as names and full or partial Social Security numbers as well as protected account-related data, of almost 280,000 U.S. customers was disclosed and sold by employees of the call centers to unauthorized third parties.  The call center in Mexico suffered a 168-day breach, between November 2013 and April 2014, when three employees accessed over 68,000 accounts and sold the information to third parties who used the customers’ information to unlock secondary market phones. During its investigation of the Mexico call center, the FCC became aware of other data breaches in Colombia and the Philippines. An AT&T company spokesman recently stated “Protecting customer privacy is critical to us. We hold ourselves and our vendors to a high standard. Unfortunately, a few of our vendors did not meet that standard and we are terminating vendor sites as appropriate. We’ve changed our policies and strengthened our operations. And we have, or are, reaching out to affected customers to provide additional information.”

AT&T is not the only company to be recently fined by the FCC for consumer privacy violations. TerraCom and YourTel America were fined $10 million last October for failing to protect customers’ proprietary information. It seems that the FCC has taken a hard stance against companies’ lax data security practices, and consumers’ private personally identifiable information is better off as a result of these actions.

–Erin Webb

 

One Response to AT&T Levied with the Largest Privacy and Data Security Action the FCC has Ever Taken

  1. Kelsey says:

    It is great that the FCC is trying to ramp up enforcement of data security. I wonder if these fines and “players” in the data-driven market will raise enough heads for other stakeholders to take notice? I also find it disturbing that multiple breaches lasted for such long periods of time. Very interesting!