The FCC said it may fine both AT&T and Alltel for not fully proving they had complied with federal regulations that protect customer data. The $100,000 fines are the latest development in the ongoing investigation into online data brokers that sell wireless subscribers' call history to anyone who can provide the subscriber's phone number. The FCC says that AT&T did not provide proof that the pre-SBC AT&T adequately safeguarded their subscribers' call history, since the company only provided documents for SBC. The company says the old AT&T had safeguards in place, but they are unable to locate the documents that prove it. The FCC says Alltel only provided a statement about how it uses customer data, but provided no certification of safeguards.
Insiders say the data brokers obtain their information through social engineering and not by hacking into carriers' databases. Verizon says they use a different tactic. The company recently followed a lawsuit claiming that data brokers have made "thousands" of calls to its call center under the guise of a nonexistent "special needs" division of Verizon, which callers claimed was designed to help speech-impaired customers. They then allegedly convinced the operator to divulge others' call histories. Apparently, they will stop at nothing.
The FCC and lawmakers everywhere are looking into whether the data brokers or carriers that maintain the leaked records broke any laws. The regulators have also given carriers until February 6 to make the case that they complied with FCC rules.
For more on the FCC and data brokers:
- check out this article from the ArkansasBusiness.com
- and this blog entry from Engadget on Verizon's lawsuit
PLUS: Sprint Nextel sues another alleged data broker. Article