AT&T to Pay FCC $13M for Vendor Data Breach

AT&T is paying $13 million to settle a Federal Communications Commission (FCC) investigation in connection with a vendor’s data breach in 2023.

According to the FCC, AT&T used the unnamed vendor to generate and host personalized video content, including billing and marketing videos, for AT&T customers. Under AT&T’s contracts, the vendor should have destroyed or returned AT&T customer information when no longer needed to fulfill contractual obligations, which ended years before the data breach occurred.

AT&T failed to ensure the vendor adequately protected the customer information, and returned or destroyed it as required by contract, the FCC said.

Threat actors in January 2023 stole information about AT&T customers from the vendor’s cloud environment, according to the agency. The investigation centered on whether AT&T failed to protect customer information and engaged in “unreasonable privacy, cybersecurity and vendor management practices” in connection with the data breach.

Read the full story at IoT World Today's sister publication Channel Futures.