Lets Review It 4 u
Edgar
Cervantes
/
Android
Authority
TL;DR
-
AT&T
has
finally
reached
a
settlement
with
the
FCC
over
a
previous
data
breach
by
a
third-party
vendor. -
While
AT&T
wasn’t
directly
responsible,
it
didn’t
ensure
customer
data
was
properly
deleted
by
its
vendors. -
AT&T
will
not
only
pay
a
$13
million
fee
but
has
also
agreed
to
implement
changes
that
will
better
protect
customer
data
in
the
future.
AT&T
found
itself
in
some
hot
water
with
the
FCC
back
in
January
2023
when
it
was
discovered
that
a
partnering
vendor
had
suffered
a
data
breach
involving
AT&T
customer
information.
While
AT&T
was
not
directly
responsible
for
the
breach,
it
allegedly
failed
to
ensure
that
the
vendor
had
destroyed
the
data
when
it
was
no
longer
needed,
making
AT&T
liable.
AT&T
has
now
finally
settled
the
issue
with
the
FCC
(via
ArsTechnica),
agreeing
to
pay
a
$13
million
fine
and
implement
stricter
controls
on
sharing
data
with
its
vendors.
The
main
issue
was
that
the
data
collected
should
have
been
destroyed
years
earlier.
Even
though
the
breach
wasn’t
entirely
AT&T’s
fault,
the
law
requires
carriers
to
protect
customer
data.
Therefore,
it
makes
sense
that
the
carrier
would
be
held
accountable
for
having
lax
or
unclear
policies
around
how
to
manage
shared
data.
It’s
worth
noting
that
while
this
is
a
serious
security
issue,
the
breach
did
not
expose
highly
sensitive
information
such
as
credit
card
details,
account
passwords,
or
Social
Security
numbers.
Instead,
it
included
more
basic
information,
like
the
number
of
lines
on
an
account.
We
reached
out
to
AT&T
for
a
statement
on
the
FCC
ruling,
and
here’s
what
their
representative
had
to
say:
“Protecting
our
customers’
data
remains
one
of
our
top
priorities.
A
vendor
we
previously
used
experienced
a
security
incident
last
year
that
exposed
data
pertaining
to
some
of
our
wireless
customers.
Though
our
systems
were
not
compromised
in
this
incident,
we’re
making
enhancements
to
how
we
manage
customer
information
internally,
as
well
as
implementing
new
requirements
on
our
vendors’
data
management
practices.”
What
kind
of
enhancements
is
AT&T
making
exactly?
According
to
the
public
version
of
the
FCC’s
consent
decree,
AT&T
will
be
required
to
make
significant
investments
in
safeguarding
data
shared
with
third-party
vendors.
The
decree
also
states
that
AT&T
must
require
vendors
to
adhere
to
retention
and
disposal
obligations
related
to
customer
information,
limiting
the
quantity
of
customer
data
vulnerable
to
breaches.
Additionally,
AT&T
must
conduct
annual
compliance
audits
on
all
its
vendors,
and
the
FCC
will
be
actively
involved
in
ensuring
AT&T
meets
its
obligations
under
the
settlement.
The
Commission
will
enforce
these
stricter
requirements
for
the
next
three
years.
Overall,
while
this
data
breach
could
have
been
a
much
bigger
deal
if
more
sensitive
information
had
been
exposed,
AT&T
can
easily
afford
the
fines.
Still,
this
is
a
win
for
consumers,
as
it
shows
the
FCC
is
taking
data
breaches
seriously
and
holding
carriers
accountable.
Even
though
companies
like
AT&T
can
handle
the
financial
penalties,
their
reputation
takes
a
hit
if
they
don’t
tighten
security
measures.
Ultimately,
this
means
breaches
like
this
will
hopefully
become
far
less
common
in
the
future.
Got
a
tip?
Talk
to
us! Email
our
staff
at
[email protected].
You
can
stay
anonymous
or
get
credit
for
the
info,
it’s
your
choice.
You
might
like
