Verizon, AT&T, T-Mobile fined nearly $200M for sharing customer data
Summer without sauce? Saying 'I don't' Tracking inflation Best CD rates this month
BUSINESS
FCC

FCC fines Verizon, AT&T other major carriers nearly $200 million for sharing customer data

Verizon, AT&T, T-Mobile and Sprint have been fined a collective $200 million for sharing customers' location data without their consent, the FCC announced Monday.

Eric Lagatta
USA TODAY

Federal regulators have fined several major cellphone carriers nearly $200 million combined for illegally sharing customers' location information without their consent.

The Federal Communications Commission announced the fines Monday against Verizon, AT&T, T-Mobile and Sprint, the latter two of which have since merged since investigation began. An investigation determined the four carriers sold access to their customers’ location data to aggregators, who went on to sell the data to third party location-based service providers.

“Our communications providers have access to some of the most sensitive information about us," said FCC Chairwoman Jessica Rosenworcel in a statement. "These carriers failed to protect the information entrusted to them."

Williams-Sonoma fined:Retailer must pay $3.2 million for falsely claiming products were "Made in the USA," FTC says

Signage is seen in August 2020 at the headquarters of the Federal Communications Commission in Washington, D.C.

Location data 'puts all of us at risk,' head investigator says

The investigations began after it was made public that the nation's largest wireless carriers were sharing customers' location information without their knowledge or any other sort of authorization.

By selling access to such information to aggregators, the FCC found that each carrier had attempted to "offload its obligations to obtain customer consent onto downstream recipients of location information." That meant that in many instances, no valid customer consent was ever obtained.

When the carriers were notified that their safeguards were ineffective, all four continued to sell access to location information without implementing measures to protect customer location information from unauthorized third party access, according to the FCC.

Under federal law, carriers are required to protect location information along with other confidential customer information unless they have "express consent" to share it, the FCC said.

Foreign adversaries and cybercriminals have begun making it a priority to obtain sensitive personal data of Americans, such as location information, said Loyaan A. Egal, chief of the FCC Enforcement Bureau, which headed the investigations.

“The protection and use of sensitive personal data such as location information is sacrosanct,” Egal said in a statement. “When placed in the wrong hands or used for nefarious purposes, it puts all of us at risk."

What were all 4 carriers fined?

The agency first proposed the fines in 2020 following the investigations.

The penalties for Verizon and T-Mobile were eventually reduced after the commission reviewed additional evidence, according to the forfeiture orders made available by the FCC.

Here's what each carrier has been fined:

  • Verizon: $46.9 million;
  • AT&T: $57.3 million;
  • T-Mobile: $80.1 million
  • Sprint: $12.2 million.

Wireless carriers plan to appeal penalty

In separate statements Monday to USA TODAY, Verizon, T-Mobile and AT&T all said they would appeal the ruling, indicating the penalty is related to programs the companies all shuttered more than five years ago.

In a statement saying “Verizon is deeply committed to protecting customer privacy," company spokesman Rich Young said FCC's order concerns a now-defunct program requiring opt-in consent from customers to support services like roadside assistance and medical alerts.

"When one bad actor gained unauthorized access to information relating to a very small number of customers, we quickly and proactively cut off the fraudster, shut down the program, and worked to ensure this couldn't happen again," Young said in the statement. "Unfortunately, the FCC’s order gets it wrong on both the facts and the law."

An AT&T spokesperson told USA TODAY that "the FCC order lacks both legal and factual merit."

"It unfairly holds us responsible for another company’s violation of our contractual requirements to obtain consent, ignores the immediate steps we took to address that company’s failures, and perversely punishes us for supporting life-saving location services," according to a statement from AT&T.

T-Mobile said in its statement that "we take our responsibility to keep customer data secure very seriously and have always supported the FCC’s commitment to protecting consumers, but this decision is wrong, and the fine is excessive."

Eric Lagatta covers breaking and trending news for USA TODAY. Reach him at elagatta@gannett.com

Featured Weekly Ad