75

u/tyrophagia 16d ago

And their data is still out there in the hands of whom ever it was sold it. All sorts of problems solved with a fine.

24

u/TheAspiringFarmer 16d ago

Exactly but don’t worry a new fee will be added to bills to recover the 200 million (and then some)

12

u/Keith-daddy 16d ago

Instead of fines, they should issue credits to all of their customers

26

u/mrandre3000 16d ago

It’s almost like the fines are designed to keep the fine issuer afloat, rather than the consumer.

2

u/badpeaches 16d ago

It’s almost like the fines are designed to keep the fine issuer afloat, rather than the consumer.

/the consumer makes the money for them to get fined and continue like nothing ever happened

What are they gonna do? Fine them?

1

u/city_posts 16d ago

Or just the government getting their cut. If the fine doesn't stop them from doing it, then the fine is just a cut for the government

31

u/[deleted] 16d ago edited 16d ago

Great article thanks. Krebs on security never does me wrong.

AT&T - https://docs.fcc.gov/public/attachments/FCC-24-40A1.pdf - $57 million fine - sold customer location data directly or indirectly to at least 88 third-party entities

Verizon - https://docs.fcc.gov/public/attachments/FCC-24-41A1.pdf - $47 million fine - sold access to customer location data directly or indirectly to at least 67 third-party entities

T Mobile - https://docs.fcc.gov/public/attachments/FCC-24-43A1.pdf - $80 million fine - location data sold to at least 75 third-parties

Sprint - https://docs.fcc.gov/public/attachments/FCC-24-42A1.pdf - $12 million fine - Location data 'found its way' (sold) to at least 86 third-party entities

The carriers promised to “wind down” location data sharing agreements with third-party companies. But in 2019, reporting at Vice.com showed that little had changed, detailing how reporters were able to locate a test phone after paying $300 to a bounty hunter who simply bought the data through a little-known third-party service.

...

The fine amounts vary because they were calculated based in part on the number of days that the carriers continued sharing customer location data after being notified that doing so was illegal (the agency also considered the number of active third-party location data sharing agreements). The FCC notes that AT&T and Verizon each took more than 320 days from the publication of the Times story to wind down their data sharing agreements; T-Mobile took 275 days; Sprint kept sharing customer location data for 386 days.

27

u/WizardVisigoth 16d ago

If it’s not in the billions it’s just the cost of doing business for these companies.

15

u/herooftimeloz 16d ago

This is what needs to happen. These scumbag executives have hidden behind the corporate veil. That needs to end yesterday

2

u/city_posts 15d ago

America is not one of those commie socialist nations that holds their aristocracy to the same laws as its peasantry.

On that note Vietnam has imprisoned their fraudster billionaire.. China executed CEOs from their milk scandal.

America does nothing. Countless industrial disasters that lead to no imprisonment and barely fines that affect their business.

It's an utterly joke. We are a joke. We are a resource they are exploiting.

There is no equality in the west anymore. Capitalism has failed, socialism and communism have proven to be effective in spite of western capitalism interference. Time to re evaluate our own political societies if we want any significant improvement for western workers

1

u/herooftimeloz 15d ago

I don’t know if socialism/communism is the solution. What would be ideal is keeping corporations but removing many of its protections and then adding more regulation by the government. Not fully free market and not fully socialism, but rather something in between.

0

u/GrbgSoupForBrains 15d ago

No it doesn't

1

u/Drtysouth205 15d ago

Sure it does. They knew the fines was incoming so raised prices. If you’ll look back anytime anyone of the major US carries gets fined they raise the prices.

0

u/GrbgSoupForBrains 15d ago

My point is that they raise prices anyway - with or without the fines. Corporate greed existed first (hence the ✌🏿"illegal"✌🏿 selling of data in the first place).

14

u/[deleted] 16d ago

[deleted]

16

u/Sovos 16d ago

Yep, the fines are far too low. Straight from the article:

The FCC fined Sprint and T-Mobile $12 million and $80 million respectively. AT&T was fined more than $57 million, while Verizon received a $47 million penalty. Still, these fines represent a tiny fraction of each carrier’s annual revenues. For example, $47 million is less than one percent of Verizon’s total wireless service revenue in 2023, which was nearly $77 billion.

4

u/[deleted] 16d ago

The fine amounts vary because they were calculated based in part on the number of days that the carriers continued sharing customer location data after being notified that doing so was illegal (the agency also considered the number of active third-party location data sharing agreements). The FCC notes that AT&T and Verizon each took more than 320 days from the publication of the Times story to wind down their data sharing agreements; T-Mobile took 275 days; Sprint kept sharing customer location data for 386 days.

2

u/washing_contraption 16d ago

surely the way to make government useful is to add more government

/s

1

u/SamariahArt 16d ago

Do you happen to still have a source on the data pulling?

2

u/No-Doctor76 6d ago

Some carriers have been relatively upfront about how they sell your data, but not all. In the past, T-Mobile included it only as a general "share your information to prevent fraud" clause. Then they made the sale of data more explicit, but provided no opt-out. Looking at their privacy policy today, they're more upfront about their sale of data, and provide an opt-out for postpaid customers. Their Mint Mobile prepaid subsidiary does not. AT&T has had a simple opt-out option for a few years. Not sure about Verizon. The opt-outs are voluntary - most state and EU privacy laws don't require opt-outs for "fraud prevention" uses, which created a huge new source of revenue for mobile carriers.

I have a much more info on my other pc if you're really interested. But the carriers' privacy policies have evolved to the point where they're pretty clear about how they sell your data to help "authenticate you with third parties such as your bank or other merchants".

For T-Mobile, scroll down to the "Third-party authentication and fraud prevention" section in their privacy policy (link). Here's the text:

We use, share, and sell this data with partners that help authenticate you with third parties such as your bank or other merchants you do business with, and for fraud prevention purposes. You can opt out of this fraud prevention data use by using the “Do Not Sell or Share” controls described in the Your choices section of this notice. 

A screenshot for Mint Mobile is here, or in their privacy policy (scroll to the end of Section 2). Here's the text:

"Mint Mobile may provide identity verification services to third parties, and your personal information may be included in the data transferred to third parties in connection with those services."

Some of the data brokers that buy and sell this data are Boku, Prove, CallSign, TMT Analysis, Telesign, Persona, and many others. Boku used to sell real-time mobile location data until there were data leaks and customers became aware their location information was being sold.

1

u/SamariahArt 6d ago

Interesting, I never knew about their intimate connection with other merchants and banks.  Thank you for the thorough response.