Communications Daily is a Warren News publication.

AT&T Agrees to Pay $13M Fine Following Vendor Data Leak

AT&T agreed to pay $13 million and strengthen its data retention practices to settle an FCC Enforcement Bureau investigation into the integrity of the carrier’s supply chain and “whether it failed to protect the information of AT&T customers in connection…

Sign up for a free preview to unlock the rest of this article

Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!

with a data breach of a vendor’s cloud environment,” said a Tuesday news release from the FCC. The agency refers only to “Vendor X.” In January 2023, the vendor “suffered a data breach that exposed information” of nearly 9 million AT&T wireless customers, according to a consent decree. “AT&T failed to ensure the vendor: (1) adequately protected the customer information, and (2) returned or destroyed it as required by contract,” the FCC said. “The Communications Act makes clear that carriers have a duty to protect the privacy and security of consumer data, and that responsibility takes on new meaning for digital age data breaches,” said FCC Chairwoman Jessica Rosenworcel. Protecting customer data is a top AT&T priority, a spokesperson said in an email. “A vendor we previously used experienced a security incident last year that exposed data pertaining to some of our wireless customers,” the spokesperson said: Though AT&T systems weren’t compromised “we’re making enhancements to how we manage customer information internally, as well as implementing new requirements on our vendors’ data management practices.”