The Federal Communications Commission (FCC) has fined AT&T $25 million for a privacy breach after the personal information of hundreds of thousands of customers was stolen by the carrier\u2019s own support representatives.<\/p>\n
<\/p>\n
AT&T call center workers in Mexico, Colombia, and the Philippines were found to have taken the names and Social Security numbers of around 300,000 customers in the United States before selling it on to third parties.<\/p>\n
\u201cIn Mexico, the information was gathered from November 2013 to April 2014, and sold to a third party who went by the alias El Pel\u00f3n,\u00a0referring to a bald man in Spanish,\u201d reports\u00a0The New York Times.\u00a0<\/em>Workers were asked to find the names and details corresponding to certain phone numbers that El Pel\u00f3n had provided.<\/p>\n It\u2019s thought the data was then used to try to activate stolen cellphones that were being imported into the country. More than 290,800 handset unlock requests were made through AT&T\u2019s website using stolen customer information.<\/p>\n AT&T, which already ended its contract with the Mexican call center last September \u2014 four months after the FCC first began investigating the breach \u2014 said it has since changed its policies and strengthened operations.<\/p>\n \u201cWhile any misuse of customer information is serious, we have no reason to believe that the information was used for identity theft or financial fraud against our customers,\u201d the carrier added.<\/p>\n In addition to its $25 million fine, AT&T must notify all customers affected by the privacy breach and provide credit-monitoring services,\u00a0The Times\u00a0<\/em>reports.<\/p>\n The investigations into call centers in\u00a0Colombia and the\u00a0Philippines are still ongoing. The data breaches there were not discovered until later, with AT&T first reporting them to the FCC this year.<\/p>\n