AT&T hit with $25M data breach fine

At Bankrate we strive to help you make smarter financial decisions. While we adhere to strict , this post may contain references to products from our partners. Here’s an explanation for

The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired.

Call it one small step for consumer privacy.

The Federal Communications Commission, or FCC, announced Wednesday that it has fined AT&T $25 million for failing to protect its customers’ personal information.

Why should you care?

The fine is related to a series of data breaches at AT&T call centers in Mexico, Colombia and the Philippines that resulted in the unauthorized disclosure of almost 280,000 U.S. customers’ names and full or partial Social Security numbers. It sets a record as the FCC’s largest data security enforcement action to date.

“As today’s action demonstrates, the commission will exercise its full authority against companies that fail to safeguard the personal information of their customers,” FCC chairman Tom Wheeler said in a press release.

The rest of the story

The FCC began investigating a 168-day data breach back in May 2014. The breach is believed to have taken place at a call center in Mexico between November 2013 and April 2014. According to the FCC, the center’s employees were paid by a third parties to obtain personal information — names and the last four digits of customers’ Social Security numbers — that could be used to submit handset unlock requests for mobile phones through AT&T’s website. The FCC said these third parties “appear to have been trafficking in stolen cell phones or secondary market phones….”

During the investigation, the FCC discovered similar schemes were underway in the Philippines and Colombia.

AT&T says it has terminated its relationship with the vendor sites responsible for the breaches. As part of the FCC settlement, it is required to notify and provide credit monitoring services to affected customers.

“Protecting customer privacy is critical to us. We hold ourselves and our vendors to a high standard,” the company said in an email. “We’ve changed our policies and strengthened our operations. And we have, or are, reaching out to affected customers to provide additional information.”

What steps should be taken to ensure that companies protect your personal information? Let us know in the comments below!

Follow me on Twitter: @JeanineSko.