AT&T Call Centers Sold Mobile Customer Information To Criminals

itwbennett writes Employees at three call centers in Mexico, Colombia and the Philippines sold hundreds of thousands of AT&T customer records, including names and Social Security numbers, to criminals who attempted to use the customer information to unlock stolen mobile phones, the U.S. Federal Communications Commission said. AT&T has agreed to pay a $25 million civil penalty, which is the largest related to a data breach and customer privacy in the FCC's history.

Hand slap, LOL.

So that's what? 1/500th of a month's revenue for AT&T? Geez, they must be stinging for that hand slap!

Re:Hand slap, LOL.

[BronsCon]

So they won't do this again, they'll do something else, and it'll be the first time they did that. Will just a slap on the wrist be okay, then, too? This isn't the first time AT&T has fucked their customers, that's SPO for them, but let's look at it in as fine-grained of a manner as possible and say "it's okay, just don't do this exact thing again".

Or, maybe they will do it again but, next time, they'll sell information to criminals using the information for identity theft instead of unlocking stolen phones. Is that different enough to warrant yet another slap on the wrist?

Wake the fuck up and realize that AT&T, Comcast, and the like will simply adjust their behavior just enough that people like you well say "oh, well that's something different" so they never suffer anything amounting to more than a warning shot across their bow, as they've been doing for decades, until people like you stop accepting it.

Time for Proportional Fines

[Jahoda]

It is time to adopt a system similar to Finland, where fines for infractions such as speeding is proportional to income and ability to pay. For AT&T to pay $25 million for this kind of ridiculous breach in security is outrageous. Exactly what economic incentive does AT&T have to change their ways or improve security? If you answered "None. Zero. zip. Zilch.", you win the prize!

Aha

[tekrat]

That explains the increase I just saw in my bill. An extra $15... they are already trying to squeeze their customers to pay for the fine.

Re:RTFA

[BronsCon]

AT&T didn't sell the information this time. Some AT&T employees stole the information and sold it. AT&T is being fined for having lax procedures that allowed the original theft.

Yes, they allowed the data to be stolen. They didn't put in place anything even resembling reasonable access restrictions, no safeguards to keep the low-level employees who don't need customers' social security numbers and banking information (yes, they have access to that, too; it's amazing that wasn't also stolen, or maybe it was) from accessing that information. In fact, not only did they not prevent said access, they fed them the data, they put it right there in the portal they provide their support reps, where it's on display for the duration of the support call. It's not a matter of incompetent security measures, it's a matter of gross negligence in how they handle customer data and they should bear much more liability for that negligence than one might be expected to bear for incompetence.

What is your solution?

Maybe a fine that equates to a liability of more than $100 per person whose data they allowed to be stolen and sold? After all, this trial was about liability, right? And damages? Maybe convincing them to fix the problem? I don't think 0.02% of their annual revenue will do that.

By the way, the use of profanity does not strengthen your argument.

Well, I guess it's a good thing my intent was to express frustration, then.