ATT ordered to pay 13M settlement in latest setback for company Cybernews

p 2024 Cybernews Latest Cybersecurity and Tech News Research AnalysisppAfter allegedly paying nearly 400000 for a ransom in May ATT is reaching for its wallet again This time its to settle a cloud breach investigation led by the FCCppIn a press release on September 17th 2024 the Federal Communications Commission FCC announced a 13 million settlement with ATT to resolve an Enforcement Bureau investigation into the companys supply chain integrity and whether it failed to protect the data of ATT customersppIn January 2023 the telecom company experienced a massive breach when threat actors accessed the data of approximately nine million ATT wireless accounts This data was stored by a vendor contracted to create personalized video content including billing and marketing videos The company has not disclosed the vendor involvedppThe Communications Act makes clear that carriers have a duty to protect the privacy and security of consumer data and that responsibility takes on new meaning for digital age data breaches said FCC Chairwoman Jessica Rosenworcel in a press release ppThe US Communications Act of 1934 and FCC rules require telecom companies to protect customers personal information and ensure the security of their data ppThis includes responsibility for cloud and vendor security and following best practices for data storage disposal and vendor management The Act also holds carriers accountable for the actions of their agents and contractorsppCarriers must take additional precautions given their access to sensitive information and we will remain vigilant in ensuring thats the case no matter which provider a customer chooses Rosenworcel addedppTo conclude the investigation ATT agreed to enhance its data governance practices to protect customers from vendorrelated data breaches in the futureppATTs contract required the vendor to delete or return customer data once it was no longer needed which should have happened years before the breach The investigation found that ATT failed to ensure the vendor properly protected the data or disposed of it as requiredppAs highvalue targets communications service providers have an obligation to reduce the attack surface and entry points that threat actors seek to exploit in order to access sensitive customer data said Enforcement Bureau Chief Loyaan A Egal who also serves as Chair of the FCCs Privacy and Data Protection Task Force ppThe telecommunication giant which serves upwards of 100 million customers in the US has been the target for a series of data breaches ppIn April ATT was affected by a massive data leak Customer data was illegally downloaded from an online database from the company Snowflake affecting nearly all of its customers The exposed data contained phone numbers call durations communications metadata and the number of calls or textsReports soon surfaced that the telecom had paid the infamous hacker gang Shiny Hunters a 370000 ransom demand in May to delete the stolen datappIn March a leaked database with more than 70 million records allegedly stolen from ATT was posted on the illicit marketplace The company reportedly claimed that the data came from a breach that took place in 2021 pp
I hope you had many things to be thankful for this Thanksgiving Its also okay if you felt quite the opposite as the holiday mood may have felt forced upon you
pp
Your email address will not be published Required fields are markedmarked
pp 2024 Cybernews Latest Cybersecurity and Tech News Research Analysisp