{"id":5357,"date":"2024-09-18T14:20:34","date_gmt":"2024-09-18T19:20:34","guid":{"rendered":"https:\/\/www.darkreading.com\/cybersecurity-operations\/fcc-att-did-not-protect-cloud-data"},"modified":"2024-09-18T14:20:34","modified_gmt":"2024-09-18T19:20:34","slug":"fcc-att-didnt-adequately-protect-customers-cloud-data","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/09\/18\/fcc-att-didnt-adequately-protect-customers-cloud-data\/","title":{"rendered":"FCC: AT&amp;T Didn&#8217;t Adequately Protect Customers&#8217; Cloud Data"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blt0fd041d9a1a8ba5e\/66eb1a7819e89055d020d109\/FCC_HQ_Alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fcc-att-didnt-adequately-protect-customers-cloud-data.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fcc-att-didnt-adequately-protect-customers-cloud-data.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The Federal Communications Commission fined AT&amp;T $13 million and ordered it to tighten up its privacy and security practices in the wake of a catastrophic third-party compromise.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The commission also used its authority under the Communications Act of 1934 to extend consumer protections to the cloud, finding AT&amp;T failed to maintain proper oversight of a third-party provider.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">That vendor, data warehousing provider Snowflake, <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/att-breach-may-also-impact-millions-of-boost-cricket-h2o-customers\" rel=\"noopener\">reportedly was compromised<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> in January 2023, exposing a host of organizations&#8217; sensitive data, among them AT&amp;T&#8217;s. In the weeks that followed the breach, AT&amp;T acknowledged &#8220;nearly all&#8221; its customers were affected by exfiltrated call and text records, phone numbers, and other personally identifiable information.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Following an investigation, the<\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/docs.fcc.gov\/public\/attachments\/DA-24-892A1.pdf\" rel=\"noopener\"> FCC ruled on Sept. 16<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> that Snowflake should have been required to &#8220;destroy or return&#8221; the information years prior to the incident, and finding AT&amp;T responsible for failing to appropriately protect its customer data.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;The Commission expects carriers to meet the requirement of the [Communications Act of 1934] and the Commission&#8217;s rules, including to take &#8216;every reasonable precaution&#8217; to protect customers&#8217; proprietary or personal information,&#8221; the agency said in its ruling. &#8220;That includes reasonable practices as they relate to cloud security, data retention, and disposal.&#8221;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">In addition to the fine, the FCC ordered AT&amp;T to improve its overall information security controls and practices, including &#8220;multifaceted vendor controls and oversight.&#8221;<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/fcc-att-did-not-protect-cloud-data\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Federal Communications Commission fined AT&amp;T $13 million and ordered<\/p>\n","protected":false},"author":12,"featured_media":5358,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-5357","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fcc-att-didnt-adequately-protect-customers-cloud-data.jpg?fit=2180%2C1294&ssl=1",2180,1294,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fcc-att-didnt-adequately-protect-customers-cloud-data.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fcc-att-didnt-adequately-protect-customers-cloud-data.jpg?fit=300%2C178&ssl=1",300,178,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fcc-att-didnt-adequately-protect-customers-cloud-data.jpg?fit=640%2C380&ssl=1",640,380,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fcc-att-didnt-adequately-protect-customers-cloud-data.jpg?fit=640%2C380&ssl=1",640,380,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fcc-att-didnt-adequately-protect-customers-cloud-data.jpg?fit=1536%2C912&ssl=1",1536,912,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fcc-att-didnt-adequately-protect-customers-cloud-data.jpg?fit=2048%2C1216&ssl=1",2048,1216,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fcc-att-didnt-adequately-protect-customers-cloud-data.jpg?fit=1024%2C608&ssl=1",1024,608,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fcc-att-didnt-adequately-protect-customers-cloud-data.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fcc-att-didnt-adequately-protect-customers-cloud-data.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/fcc-att-didnt-adequately-protect-customers-cloud-data.jpg?fit=2180%2C1294&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5357","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5357"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5357\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/5358"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5357"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5357"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5357"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}