The country’s four biggest wireless carriers face fines of over $200 million following an investigation by the Enforcement Bureau of the U.S. Federal Communications Commission (FCC) that found that the carriers failed to adequately protect consumer location data from unauthorized access.
According to separate Notices of Apparent Liability for Forfeiture and Admonishment issued by the Commission in late February, the four carriers (Sprint Corporation, Verizon Communications, AT&T, and T-Mobile USA) face a total of $208 million in fines and other penalties for selling access to the location information generated by their customers’ wireless phones without taking reasonable measures to protect against unauthorized access to that information. Carrier T-Mobile faces a penalty of $91,630,000, the largest of the group, while Sprint faces the smallest penalty, just over $12 million.
According to the FCC, the Enforcement Bureau’s investigation followed public reports that, between 2014 and 2017, a law enforcement official in Missouri used a “location finding service” operated by Securus (a company that provides communications services to correctional facilities) to access location information for each of the wireless carriers’ customers without their consent.
The FCC’s investigation determined that the named carriers sold access to their customers’ location information to Securus and other aggregators, relying on contractual obligations between the parties that the aggregators would obtain consent from the wireless carriers’ customers before accessing their location data. The ease with which the Missouri law enforcement official gained access to consumer data without obtaining their prior consent underscored the weaknesses of the carriers’ efforts to safeguard customer data as required by law.
The individual Notices of Apparent Liability are available: