AT&T to pay out $13m over hack that affected millions - here's how you can claim

AT&T has agreed to a $13 million payout to the 8.9 million customers impacted by a data breach in January of last year.

The Federal Communications Commission (FCC) announced on Tuesday that the fine will resolve its investigation into last year's data AT&T breach by a third-party cloud vendor. 

AT&T started notifying customers if they were impacted in March 2023, in line with requirements by the FCC.

The data breach exposed AT&T's customer data from 2015 through 2017, and the FCC explained that the information should have been deleted from the cloud in 2017 or 2018.

Although AT&T customer's credit card information, social security numbers or account information, the company and the FCC said exposed data did include how many lines were on the account, the bill balance and information about their rate plans.

'The Communications Act makes clear that carriers have a duty to protect the privacy and security of consumer data, and that responsibility takes on new meaning for digital age data breaches,' said FCC Chairwoman Jessica Rosenworcel.

As part of its investigation, the FCC required AT&T to sign a Consent Decree, promising to strengthen its data government practices and pay the $13 million settlement.

In response to the fine, Rosenworcel said that 'carriers have a duty to protect the privacy and security of consumer data, and that responsibility takes on new meaning for digital age data breaches.' 

AT&T has not confirmed if it will send follow-up emails or letters to those impacted or if it is setting up a website for customers to check if the payout applies to them. 

The unnamed cloud vendor generated and housed personalized video content and held information about billing and marketing videos for customers.

AT&T's contract with the vendor was terminated years before the breach, and the FCC said that at that time, it was no longer necessary to hold the data.

At that time, AT&T should have taken measures to protect customer information and ensured the vendor returned or destroyed the data, which was a specified requirement in the contract.

The commission reported it is also holding AT&T accountable for making 'significant investments' in protecting customers' information that's shared with third parties which 'will likely require expenditures far greater than [the fine].' 

AT&T confirmed it will take steps to increase security measures to protect customer's data and prevent future breaches. 

'Protecting our customers' data remains one of our top priorities,' an AT&T spokesperson told DailyMail.com.

 'Though our systems were not compromised in this incident, we're making enhancements to how we manage customer information internally, as well as implementing new requirements on our vendors' data management practices.'

DailyMail.com has reached out to the FCC for comment.