Major US Telecoms Fined For Sharing User Location Data

The Federal Communications Commission (FCC) has issued substantial fines totaling nearly $200 million against four major US telecom companies — AT&T, Verizon, T-Mobile, and Sprint — for illicitly selling customers' location data without their consent. This landmark decision wraps up a lengthy investigation into privacy violations that put a spotlight on the role of telecom giants in a pervasive data-sharing ecosystem.

The FCC's investigation revealed that these companies had been sharing real-time location data of their customers with third-party data aggregators, who then resold this information to a wide range of other businesses. This practice, according to the FCC Chairwoman Jessica Rosenworcel, compromised the privacy of countless consumers.

Rosenworcel stated in the announcement: "These carriers failed to protect the information entrusted to them. Here, we are talking about some of the most sensitive data in their possession: customers’ real-time location information, revealing where they go and who they are."

The breakdown of the fines sees T-Mobile shouldering the heaviest penalty at $80 million, followed by AT&T at $57 million, Verizon at $47 million, and Sprint at $12 million. This assessment reflects the extent and impact of each carrier's involvement in the unauthorized data sales.

Despite the hefty fines, all four companies have expressed intentions to appeal the FCC's ruling. They argue that the FCC's findings misrepresent the facts and legal standards, unfairly holding them accountable for third-party actions.

Tara Darrow, a spokesperson for T-Mobile, stated that “this industry-wide third-party aggregator location-based services program was discontinued more than five years ago after we took steps to ensure that critical services like roadside assistance, fraud protection and emergency response would not be disrupted.”

An AT&T spokesperson asserted: "It unfairly holds us responsible for another company’s violation of our contractual requirements to obtain consent."

The bad press and fine particularly affect AT&T, who has already found themselves at the center of controversy as 70 million records associated with its customers appeared for sale on a hacking forum. While AT&T denied the data came from their systems, it doesn’t change the fact that sensitive information such as social security numbers, phone numbers, and physical addresses were all available for purchase by cybercriminals.