The Federal Communications Commission (FCC) has taken a strong stance, imposing nearly $200 million in fines on AT&T, Sprint, T-Mobile, and Verizon for unauthorized sharing of their customers' sensitive location data. The penalties were announced today as a conclusion to an investigation that highlighted serious breaches of privacy and trust, underscoring a lax attitude towards safeguarding user information.
FCC's investigation into these practices started with alarming public revelations about the carriers' dealings with location data. It was discovered that all four major US carriers had been selling access to their customers' location information to “aggregators.”
These aggregators would then resell this information to third-party location-based service providers, all without the explicit consent of the customers. This practice continued even after initial flags were raised about the security measures—or lack thereof—in place to protect this data from unauthorized access.
The violations centered around the carriers' failure to obtain “affirmative, express customer consent” before sharing their location data, a clear contravention of Section 222 of the Communications Act. This law strictly requires carriers to maintain the confidentiality of customer information and implement reasonable protections against unauthorized access.
Here's a breakdown of the fines imposed:
- T-Mobile: The highest fine, over $80 million, reflects its significant role and subsequent breaches post-merger with Sprint.
- AT&T: Fined more than $57 million for its part in the privacy violations.
- Verizon: Fined almost $47 million, with a fine revision after further review.
- Sprint: Although now merged with T-Mobile, faced a fine of more than $12 million for its actions before the merger.
FCC Chairwoman Jessica Rosenworcel expressed deep concern about the carriers' negligent behavior, stating that such sensitive information should be the utmost priority for protection due to the potential risks of misuse by foreign entities and cybercriminals.
The investigations were triggered by reports of a Missouri Sheriff unlawfully tracking people's locations via a service from Securus, a communications provider for correctional facilities. This egregious data misuse highlighted the broader systemic issues within these carriers' operations.
For customers, this action by the FCC is a crucial reminder of the importance of tight controls in how personal data is managed and shared with other entities. Users are encouraged to regularly review and manage their privacy settings with their carriers, and be cautious with what permissions they grant to third-party applications.
New “Pathfinder” Attack Exploits CPU Branch Predictors to Leak Secrets
Leave a Reply