Skip to main content
  1. Home
  2. Phones
  3. Mobile
  4. News

How stolen data sold to a bald guy landed AT&T with record-breaking $25 million FCC fine

Add as a preferred source on Google

AT&T is about to pay heavily for a data breach which saw a wealth of personal data stolen and sold from some of its call centers last year. The FCC has fined the network $25 million for the breach, and said it would “not stand idly by when a carrier’s lax data security practices expose personal information.” The breaches in question happened at AT&T’s call centers located in Mexico, Colombia, and the Philippines, and involved personal data related to nearly 280,000 people. The information accessed included Social Security numbers, names, and other account data.

According to the FCC’s report, the primary breach was a lengthy operation spanning 168 days at AT&T’s Mexico call center, where three employees illegally accessed nearly 70,000 accounts. What did they want with all this information? Apparently, two of the employees confessed they were selling the data to a shadowy group or person known only as El Pelon, which is apparently slang for “the bald guy,” or slightly more sinisterly, “The Bald One.”

Recommended Videos

The Bald One, or members of his follicle-challenged gang, went on to use around 50,000 of these records to file 290,000 unlock requests via AT&T’s online system. Presumably, this was to unlock stolen phones ready for use on other networks.

Although the FCC’s investigation specifically details the Mexico breach between November 2013 and April 2014, AT&T had been aware of the situation before and after those dates. In December 2012, an employee at the center was fired for accessing accounts without authorization, and another resigned for a similar reason in January 2013. Neither incidents were classed as breaches by AT&T. In March this year, AT&T told the FBI it was investigating similar data breaches in Colombia and the Philippines.

The $25 million fine is the largest the FCC has handed out to date over security enforcement, and it has also ordered AT&T to appoint a senior data security compliance manager, develop a new compliance plan, and train its employees on privacy policies. The network will also provide a free number for customers to call if they’re concerned about their own data. AT&T stopped using the call center in Mexico during September 2014, and has 30 days to pay the FCC.

Andy Boxall
Andy has written about mobile technology for almost a decade. From 2G to 5G and smartphone to smartwatch, Andy knows tech.
If you shoot RAW, Snapseed just solved one of your biggest headaches
Version 4.1 brings broad RAW format support to Android, with an iOS release coming soon.
Electronics, Phone, Mobile Phone

If you shoot RAW and edit on your phone, Google's free photo editing app Snapseed just got a lot more useful. The app has received a fresh update on Android, adding support for a long list of RAW formats it previously couldn't handle.

What's new in Snapseed v4.1

Read more
How to install iOS 27 public beta on your iPhone?
iOS 27’s public beta is here, and its loaded with new features and experiences you might want to try.
iOS 27 beta update open on iPhone

After iOS 27’s third developer beta shipped on July 6, Apple released the first public betas for iOS 27 on July 13, 2026. While the main additions remain the same across the builds, the latter is the more refined and polished version, free of rudimentary bugs and glitches.

If you have a compatible iPhone, you can install the first public beta of iOS 27 today and experience the new Siri AI and other features yourself, provided that you know exactly what to do.

Read more
This Android malware can spy on your screen, read your texts, and control your phone remotely
Upgraded RedHook Android malware now abuses Android's built-in Wireless ADB to hijack your phone without root access.
android-redhook-malware

A nastier version of the RedHook Android malware is making the rounds, and it does not need a USB cable or a rooted phone to take over your device. Researchers at Group-IB discovered the upgraded variant, which is a significant step up from the version spotted in 2025. The scariest part? It uses one of Android's own built-in tools to do it.

How RedHook malware tricks your Android phone into handing over control

Read more