Earlier Wednesday, the FCC confirmed that telecommunications giant AT&T would pay out a $25 million settlement over an investigation regarding previous data breaches that picked up social security numbers, names, and CPNI. The fine ranks as the largest one dished out by the FCC for security and privacy violations according to the New York Times.
The FCC said that some 280,000 customers in the U.S were affected by the breach which originated out of AT&T’s call centers in Colombia, Mexico, and the Philippines. The breach in Mexico took place between November 2013 and April 2014. The FCC began looking into things in May 2014 after AT&T reported it and by September AT&T had severed ties to the center.
In the course of its investigation, the FCC found that information was stolen by at least two employees with AT&T who confessed to the crime. The employees said that they worked from a pool of phone numbers and that information was requested by to an individual known as “El Pelón” or “the bald man.”
AT&T informed the FCC of activity coming out of its Colombia and Philippines-based call centers and that 40 employees in both centers picked up information for some 211,000 customers. AT&T took steps to protect customer information when it was found that three managers had been involved in suspicious activity involving data in Bogota.