FCC Calls AT&T Out for Failure to Prevent Vendor Breach

The Federal Communications Commission held AT&T responsible for failing to protect its customer’s personal information when one of its third-party vendors suffered a breach, exposing almost 9 million AT&T users’ customer data. AT&T agreed to pay $13 million in fines to settle claims that company had failed to properly supervise its vendor, who held information that should have been delete long ago. As part of the consent decree, AT&T also committed to strengthening its data governance practices to increase cybersecurity of its downstream vendors.