AT&T and FCC settle after call center workers sold customer data

AT&T has paid $25 million to settle a case with the Federal Communications Commission, it has been announced. The reason revolves around a privacy breach concerning the service provider, which is said to have had confidential customer data leaked via its call center workers to third-party resellers. The reason was so that the resellers could unlock the used phones they acquired, according to the FCC. This is said to have included some pretty serious data disclosures, including giving away subscribers' Social Security numbers.

According to the FCC, some AT&T call center workers provided the aforementioned confidential data to the resellers in exchange for compensation. The breach involved workers located in the Philippines, Mexico, and Colombia. In one case, a Mexican buyer gave the call center sources a list of accounts for which data was requested.

In late 2013, AT&T made changes to how phones could be unlocked, requiring that some information to be entered into AT&T's website, including the former owner's email, the last four digits of his or her Social Security number, and more. This made it difficult to unlock the used smartphones, putting a damper on the market.

It's not surprising, then, that the AT&T data breach started in November 2013. According to the FCC, a trio of Mexican call center employees accessed in excess of 68,000 customer accounts sans permission in exchange for payment. With that information, the resellers were able to send more than 290,000 phone unlock requests. The numbers were even higher in the Philippines and Colombia, where approximately 40 workers accessed 211,000 accounts.

SOURCE: The Wall Street Journal