The Federal Communication Commission ("FCC") has reached a US$25 million settlement with the telecom company AT&T, after AT&T had to protect customers' personal information.
Between the years 2013 and 2014, employees at AT&T’s call centers in Mexico, Colombia and the Philippines, stole personal information from nearly 300,000 AT&T's customers. The employees, who systematically stole accounts information that included, among others, the customers' social security numbers and credit cards information, subsequently sold the information to individuals who used it for different purposes.
After the FCC announced it will bring a complaint against AT&T for failing to secure the personal information of its customers, the two parties agreed to a US$25 million fine, including a list of requirements to be complied with by AT&T. The first of these is the appointment of a compliance manager, who will be in charge of verifying AT&T's compliance with the FCC's regulations and filing security and compliance reports to the FCC. The second is making sure that AT&T will finalize its compliance process within 90 days. The third is that AT&T will continue to file compliance reports to the FCC after 6, 12, 24 and 36 months. Finally, AT&T is required to notify all affected customers, and provide them with credit monitoring services.