The US authorities have slapped AT&T with a $25m data breach fine after two staff confessed they were selling data to a person known only as El Pelon, apparently slang for “The Bald One”.
The breaches occurred at AT&T’s call centres in Mexico, Colombia, and the Philippines, and involved personal data relating to nearly 280,000 people. The information accessed included Social Security numbers, names, and other account data.
The US Federation Communications Commission said it would “not stand idly by when a carrier’s lax data security practices expose personal information”.
According to the regulator’s report, the breach spanned 168 days at AT&T’s Mexico call centre, where three employees illegally accessed nearly 70,000 accounts.
The so-called Bald One went on to use around 50,000 of these records to file 290,000 unlock requests via AT&T’s online system, beleived to be a way of unlocking stolen phones ready for use on other networks.
The $25m fine is the largest the authority has dished out to date over security enforcement. It has also ordered the company to hire a senior data security compliance manager, develop a new compliance plan, and train its staff on privacy policies.
