The Federal Communications Commission has entered a $25 million settlement with AT&T Services, Inc. to resolve an investigation into consumer privacy violations at AT&T’s call centers in Mexico, Colombia, and the Philippines. The data breaches involved the unauthorized disclosure of almost 280,000 U.S. customers’ names, full or partial Social Security numbers, and unauthorized access to protected account-related data, known as customer proprietary network information (CPNI). This is the FCC’s largest privacy and data security enforcement action to date.
According to an investigation by the FCC’s Enforcement Bureau, these data breaches occurred when employees at call centers used by AT&T in Mexico, Colombia, and the Philippines accessed customer records without authorization. These employees accessed CPNI while obtaining other personal information that was used to request handset unlock codes for AT&T mobile phones, and then provided that information to unauthorized third parties who appear to have been trafficking in stolen cell phones or secondary market phones that they wanted to unlock. "As the nation's expert agency on communications networks