Call Centers Hit by $25 Million Fine for Customer Data Breaches

The Federal Communications Commission (FCC) has fined AT&T Services, Inc. (NYSE:T) call centers in Mexico, Colombia, and the Philippines.

While customer privacy is an imperative part of the customer care strategy, more steps still need to be taken to protect customer data this news has shown.

The AT&T violations that have surfaced involved a breach of data and the unauthorized disclosure of almost 280,000 names of US customers in addition to full or partial Social Security numbers and unauthorized access to protected account-related data, also known as customer proprietary network information (CPNI).

The FCC’s Enforcement Bureau investigated the matter and found that the data breaches occurred when employees at call centers used by AT&T in Mexico, Colombia, and the Philippines accessed customer records without authorization.

These employees accessed CPNI as well as other personal information, which was then used to request handset unlock codes for AT&T mobile phones. The employees provided that information to unauthorized third parties who, according to the FCC, appear to have been trafficking in stolen cell phones or secondary market phones that they wanted to unlock.

Tom Wheeler, Chairman of the Federal Communications Commission , said: "As the nation's expert agency on communications networks, the Commission cannot — and will not —stand idly by when a carrier’s lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud."

As a condition of settlement, AT&T will pay a $25 million civil penalty, the FCC’s largest privacy and data security enforcement action to date. The company will also have to notify all of its customers whose accounts were improperly accessed. In addition, the telecoms company will be required to improve its privacy and data security practices by appointing a senior compliance.

"Consumers trust that their phone company will zealously guard access to sensitive personal information in customer records," added Travis LeBlanc, Chief of the Enforcement Bureau.

"The agreement shows the Commission’s unwavering commitment to protect consumers’ privacy by ensuring that phone companies properly secure customer data, promptly notify customers when their personal data has been breached, and put in place robust internal processes to prevent against future breaches. We hope that all companies will look to this agreement as guidance."

This investigation serves as a lesson for any CX leaders, regardless of whether you're in the telecoms industry or not, working with sensitive customer data. Do you have the right security in place to protect your customers?