AT&T is paying $25 million in a settlement with federal regulators over data breaches at three call centers in Latin America that compromised customer data for some 280,000 U.S. customer accounts.
The Federal Communications Commission announced the action Wednesday. It was the agency’s largest privacy and data-security enforcement action to date.
The breaches occurred from November 2013 to April 2014 at AT&T call centers in Mexico, Colombia and the Philippines, the FCC said. Most customers were Spanish-speaking U.S. residents whose calls were routed to those centers.
Call center employees were paid by third parties to obtain customer information such as names and full or partial Social Security numbers. The data were used to submit online requests for cellular handset unlock codes for stolen cellphones, the agency said.