NEW YORK, April 8 (Reuters) - The Federal Communications Commission reached a $25 million settlement with AT&T Inc over a consumer data breach at call centers in Mexico, Colombia and the Philippines, the U.S. communications regulator said on Wednesday.
The breaches led to unauthorized disclosure of names and full or partial Social Security numbers and illegal access to account information of about 280,000 U.S customers of AT&T, a senior FCC official told reporters on a conference call.
The data was used by call center employees to request handset-unlock codes for AT&T phones and shared with third parties who seem to have been trafficking stolen cell phones, the official said. The breaches occurred in 2013 and 2014.
AT&T said in a statement: “Unfortunately, a few of our vendors did not meet that standard and we are terminating vendor sites as appropriate. We’ve changed our policies and strengthened our operations.”
The $25 million civil penalty levied on the No. 2 wireless carrier is the largest data security enforcement action to date, the FCC official added.
In October, the FCC imposed a $10 million fine on telecom companies TerraCom and YourTel for consumer privacy breaches. (Reporting by Malathi Nayak; editing by Matthew Lewis)