AT&T to pay $13 million to settle FCC probe over cloud data breach

AT&T to pay $13 million to settle FCC probe over cloud data breach

Tips to protect yourself from a data breach

Tips to protect yourself from a data breach

02:48

AT&T has agreed to pay $13 million to settle a federal investigation into whether the mobile phone service provider failed to protect customer information in connection with a data breach last year, the Federal Communications Commission said Tuesday.  

The FCC’s probe focused on how AT&T’s privacy, cybersecurity and vendor management practices may have played a role in the January 2023 breach, in which hackers penetrated the company’s cloud system. The breach exposed data belonging to nearly 9 million wireless customers. 

As part of the settlement, AT&T entered a consent decree that requires the telecommunications giant to enhance its data governance practices, increase its supply chain integrity, and ensure appropriate processes and procedures in handling sensitive data.

statement. “Carriers must take additional precautions given their access to sensitive information, and we will remain vigilant in ensuring that’s the case no matter which provider a customer chooses.

FCC Enforcement Bureau Chief Loyaan A. Egal also said telecom firms “have an obligation to reduce the attack surface and entry points that threat actors seek to exploit in order to access sensitive customer data.”

AT&T has been subject to subsequent breaches, including an April cyberattack it disclosed in July in which hackers “nearly all” of its cellular customers’ text and call records for a six-month period between May 1, 2022 to Oct. 31, 2022.

For its part, AT&T told CBS News that “protecting our customers’ data remains one of our top priorities.”

AT&T said that when a vendor it previously used was breached, its own wireless customer data was exposed. 

“Though our systems were not compromised in this incident, we’re making enhancements to how we manage customer information internally, as well as implementing new requirements on our vendors’ data management practices,” a spokesperson said. 

More

Source: cbsnews.com