AT&T Agrees to Pay $13 Million FCC Fine For Cloud Data Leak

September 18, 2024

AT&T Inc. agreed to pay $13 million to settle an investigation by the US Federal Communications Commission into whether the telecommunications company failed to protect customer data that was stolen when a cloud vendor was hacked last year.

The unnamed vendor experienced a data breach in early 2023 that exposed the information of nearly 9 million AT&T Mobility customers. The data included subscriber information from 2015 to 2017 — such as the number of phone lines associated with a particular account — but not sensitive personal information like Social Security or credit card numbers, AT&T said.

AT&T failed to secure the data shared with the vendor and didn’t ensure that the company deleted or returned the information as it was contractually required to do, the FCC said. As part of the settlement, AT&T agreed to improve its internal and vendor data-handling practices.

In July, AT&T suffered another, much broader data breach via cloud platform Snowflake Inc. that exposed call and text metadata for almost all of its mobile customers during several months of 2022. It also disclosed a dark-web data leak in March affecting 73 million customers and exposing Social Security numbers and account passcodes.