AT&T has agreed to a $13 million settlement to compensate 8.9 million customers affected by a major data breach. The breach, which occurred in January 2023, has drawn scrutiny from federal regulators, with the Federal Communications Commission (FCC) leading an in-depth investigation into the incident.

On Tuesday, the FCC confirmed the settlement, closing a chapter on what has been one of the most significant data breaches in recent telecom history. The breach reportedly exposed sensitive customer data dating back to 2015, including billing details and account information. Although no credit card numbers or Social Security details were compromised, the exposed information included account balance details, rate plans, and the number of lines associated with each account.

FCC Chair Jessica Rosenworcel expressed concern over the breach, emphasizing that telecom companies must safeguard customer data. “Carriers have a duty to protect the privacy and security of consumer data,” Rosenworcel told Reuters. She highlighted the heightened responsibilities of companies in the digital age, where data breaches have far-reaching consequences.

The investigation revealed that a cloud vendor mishandled AT&T’s customer data, which should have been deleted by 2018. Despite AT&T’s core systems remaining intact, the company faced intense criticism for failing to secure sensitive customer information.

AT&T to Strengthen Security Measures After FCC Settlement

In response, AT&T stated it would enhance internal data management and vendor practices to prevent future breaches. “Though our systems were not compromised, we are taking steps to improve how we manage customer information internally,” an AT&T spokesperson said.

FCC Sends Strong Message to Telecom Industry

The $13 million settlement highlights the FCC’s growing focus on protecting consumer data. The investigation and subsequent fine serve as a stark reminder to telecom companies about their obligations to protect customer information in the digital age.