AT&T


Reports: China hacked Verizon and AT&T, may have accessed US wiretap systems

Chinese government hackers penetrated the networks of several large US-based Internet service providers and may have gained access to systems used for court-authorized wiretaps of communications networks, The Wall Street Journal reported Saturday. “People familiar with the matter” told the WSJ that hackers breached the networks of companies including Verizon, AT&T, and Lumen (also known as CenturyLink).

“A cyberattack tied to the Chinese government penetrated the networks of a swath of US broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests,” the WSJ wrote. “For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful US requests for communications data, according to people familiar with the matter.”

These “attackers also had access to other tranches of more generic Internet traffic,” according to the WSJ’s sources. The attack is being attributed to a Chinese hacking group called Salt Typhoon.

The Washington Post reported on the hacking campaign yesterday, describing it as “an audacious espionage operation likely aimed in part at discovering the Chinese targets of American surveillance.” The Post report attributed the information to US government officials and said an investigation by the FBI, other intelligence agencies, and the Department of Homeland Security “is in its early stages.”

The Post report said there are indications that China’s Ministry of State Security is involved in the attacks.

Verizon reportedly working with FBI

Verizon reportedly set up a war room at its facility in Ashburn, Virginia, where it is working with personnel from the FBI, Microsoft, and Google subsidiary Mandiant.


“Extreme” Broadcom-proposed price hike would up VMware costs 1,050%, AT&T says

Legal dispute continues —

Broadcom “preventing some vendors from selling products to us,” AT&T alleges.


Broadcom quoted AT&T a 1,050 percent price hike for VMware offerings, AT&T has claimed in legal documents.

AT&T sued Broadcom on August 29, accusing Broadcom of unlawfully denying it the second of three one-year renewals for support services that AT&T thinks it’s entitled to. AT&T cites a contract signed before Broadcom bought VMware. The telecommunications firm says it has 75,000 virtual machines (VMs) across approximately 8,600 servers running on VMware. Broadcom, which has stopped selling VMware perpetual licenses, has said that AT&T missed its opportunity to renew support and that the contract between VMware and AT&T has an “End of Availability” provision allowing VMware to retire products and services.

Legal filings from September 27, spotted by The Register today, show an email [PDF] that AT&T EVP and GM of wireline transformation and global supply chain Susan A. Johnson apparently sent to Broadcom CEO Hock Tan pointing to “an impasse” over VMware.

Johnson argued in the email that AT&T should have the right to renew support through September 2026 thanks to a previously signed five-year deal:

This proposed annual increase of +1,050% in one year is extreme and certainly not how we expect strategic partners to engage in doing business with AT&T.

A 1,050 percent price hike is the largest that Ars Technica has heard of being proposed by Broadcom. At this time, it’s unknown if AT&T’s claims are accurate. Broadcom hasn’t publicly commented on the allegations.

Many VMware customers have pointed to VMware becoming more expensive under Broadcom, though. Broadcom’s changes to selling VMware have reportedly included bundling products into only about two SKUs and higher CPU core requirements. In March, customers reportedly complained about price increases of up to 600 percent, per The Register. And in February, ServeTheHome said small cloud service providers reported prices increasing tenfold.

AT&T’s contract with VMware may be one of the firm’s bigger accounts. A 1,050 percent price hike would be another level, however, even for a company the size of AT&T. Per Johnson’s email, AT&T and Broadcom have had a “strategic relationship” for over a decade.

The email reads:

… AT&T has decided to pursue a legal strategy along with a disciplined plan to invest to migrate away, all of which will quickly become public. I truly wish we had another option. Unfortunately, this decision will impact the future of our overall relationship and how we manage spend in other Broadcom areas.

AT&T on potentially migrating off VMware

In her email, Johnson points to migration costs as impacting how much AT&T is willing to pay for VMware.

According to the message, projected costs for moving AT&T off of VMware are $40 million to $50 million. AT&T is said to use VMware-based VMs for customer services operations and for operations management efficiency. Per AT&T’s email, migration “has a very quick payback” and “strong” internal rate of return, “especially given the high licensing costs proposed.”

On September 20, Broadcom requested that AT&T’s request to block Broadcom from discontinuing VMware support be denied. In legal documents [PDF], Broadcom said that AT&T is planning to ditch VMware and that AT&T could have spent “the last several months or even years” making the transition.

In an affidavit filed on September 27 [PDF], Johnson stated that her email to Tan does not suggest that migration “would be easy, quick, or inexpensive” and that “none of those would be accurate statements.”

“My point was that although it is not easy, cheap, or quick to migrate off VMware, Defendants’ high fees will incentivize us to migrate to another solution,” the affidavit reads.

Johnson also claimed that AT&T started exploring options for getting off VMware in December but thought that it had time to make decisions, since it believed it could opt to renew support for its licenses until September 2026.

In another legal filing from September 27 [PDF], Gordon Mansfield, president of global technology planning at AT&T Services, says:

AT&T currently estimates it will take a period of years to transition all of its servers currently operating with the VMware software away from VMware. Moreover, Defendants have not made it easy to do so since we understand that they are preventing some vendors from selling certain products to us.

The filing didn’t get into further detail about how exactly Broadcom could be blocking product sales to AT&T. Broadcom hasn’t publicly responded to Mansfield’s claim.

Regarding AT&T’s lawsuit, Broadcom has previously told Ars Technica that it “strongly disagrees with the allegations and is confident we will prevail in the legal process.”

Since Broadcom’s VMware acquisition, most customers are expected to have at least considered ditching VMware. However, moving can be challenging and costly as some IT environments are heavily dependent on VMware. Being able to ensure that things are able to run as expected during the transition period has also complicated potential migrations.

While AT&T and Broadcom’s legal dispute continues, Broadcom has agreed to continue providing AT&T with VMware support until October 9. A preliminary injunction hearing is scheduled for October 15.


Broadcom responds to AT&T’s VMware support lawsuit: AT&T has “other options”

Legal battle —

Broadcom defends against renewal, citing “End of Availability” provision.


Broadcom is accusing AT&T of trying to “rewind the clock and force” Broadcom “to sell support services for perpetual software licenses… that VMware has discontinued from its product line and to which AT&T has no contractual right to purchase.” The statement comes from legal documents Broadcom filed in response to AT&T’s lawsuit against Broadcom for refusing to renew support for its VMware perpetual licenses [PDF].

On August 29, AT&T filed a lawsuit [PDF] against Broadcom, alleging that Broadcom is breaking a contract by refusing to provide a one-year renewal for support for perpetually licensed VMware software. Broadcom famously ended perpetual VMware license sales shortly after closing its acquisition in favor of a subscription model featuring about two bundles of products rather than many SKUs.

AT&T claims its VMware contract (forged before Broadcom’s acquisition closed in November) entitles it to three one-year renewals of perpetual license support, and it’s currently trying to enact the second one. AT&T says it uses VMware products to run 75,000 virtual machines (VMs) across about 8,600 servers. The VMs are for supporting customer services operations and operations management efficiency, per AT&T. AT&T is asking the Supreme Court of the State of New York to stop Broadcom from ending VMware support services for AT&T and for “further relief” as deemed necessary.

On September 20, Broadcom filed for AT&T’s motion to be denied. Its defense includes its previously taken stance that VMware was moving toward a subscription model before Broadcom bought it. The transition from perpetual licenses to subscriptions was years in the making and, thus, something for which AT&T should have prepared, according to Broadcom. Broadcom claims that AT&T has admitted that it intends to migrate away from VMware software and that AT&T could have spent “the last several months or even years” doing so.

The filing argues: “AT&T resorts to sensationalism by accusing Broadcom of using ‘bullying tactics’ and ‘price gouging.’ Such attacks are intended to generate press and distract the Court from a much simpler story.”

Broadcom claims the simple story is that:

… the agreement contains an unambiguous “End of Availability” provision, which gives VMware the right to retire products and services at any time upon notice. What’s more, a year ago, AT&T opted not to purchase the very Support Services it now asks the Court to force VMware to provide. AT&T did so despite knowing Defendants were implementing a long planned and well-known business model transition and would soon no longer be selling the Support Services in question.

Broadcom says it has been negotiating with AT&T “for months” about a new contract, but the plaintiff “rejected every proposal despite favorable pricing.”

Broadcom’s filing also questions AT&T’s request for mandatory injunction, claiming that New York only grants those in “rare circumstances,” which allegedly don’t apply here.

AT&T has options, Broadcom says

AT&T’s lawsuit claims losing VMware support will cause extreme harm to itself and beyond. The lawsuit says that 22,000 of AT&T’s VMware VMs are used for support “of services to millions of police officers, firefighters, paramedics, emergency workers, and incident response team members nationwide… for use in connection with matters of public safety and/or national security.” It also claimed that communications for the Office of the President are at risk without VMware’s continued support.

However, Broadcom claims that AT&T has other choices, saying:

AT&T does have other options and, therefore, the most it can obtain is monetary damages. The fact that AT&T has been given more than eight-months’ notice and has in the meantime failed to take any measures to prevent its purported harm (e.g., buy a subscription for the new offerings or move to another solution) is telling and precludes any finding of irreparable harm. Even if AT&T thinks it deserves better pricing, it could have avoided its purported irreparable harm by entering in a subscription based deal and suing for monetary damages instead of injunctive relief.

AT&T previously declined to answer Ars Technica’s questions about its backup plans for supporting such important customers should it lose VMware support.

Broadcom has rubbed some customers the wrong way

Broadcom closed its VMware acquisition in November and quickly made dramatic changes. In addition to Broadcom’s reputation for overhauling companies after buying them, moves like ending perpetual licenses, taking VMware’s biggest customers directly instead of using channel partners, and raising costs by bundling products and issuing higher CPU core requirements have led customers and partners to reconsider working with the company. Migrating from VMware can be extremely challenging and expensive due to its deep integration into some IT environments, but many are investigating migration, and some expect Broadcom to face years of backlash.

As NAND Research founder and analyst Steve McDowell told TechTarget about this case:

It’s very unusual for customers to sue their vendors. I think Broadcom grossly underestimated how passionate the customer base is, [but] it’s a captive audience.

As this lawsuit demonstrates, Broadcom’s VMware has brought serious customer concerns around ongoing support. Companies like Spinnaker Support are trying to capitalize by offering third-party support services.

Martin Biggs, VP and managing director of EMEA and strategic initiatives at Spinnaker, told Ars Technica that his company provides support so customers can spend time determining their next move, whether that’s buying into a VMware subscription or moving on:

VMware customers are looking for options; the vast majority that we have spoken to don’t have a clear view yet of where they want to go, but in all cases the option of staying with VMware for the significantly increased fees is simply untenable. The challenge many have is that not paying fees means not getting support or security on their existing investment.

VMware’s support for AT&T was supposed to end on September 8, but the two companies entered an agreement to continue support until October 9. A hearing on a preliminary injunction is scheduled for October 15.


AT&T fined $13M for data breach after giving customer bill info to vendor


AT&T agreed to pay a $13 million fine because it gave customer bill information to a vendor in order to create personalized videos, then allegedly failed to ensure that the vendor destroyed the data when it was no longer needed. In addition to the fine, AT&T agreed to stricter controls on sharing data with vendors in a consent decree announced today by the Federal Communications Commission.

In January 2023, years after the data was supposed to be destroyed, the vendor suffered a breach “when threat actors accessed the vendor’s cloud environment and ultimately exfiltrated AT&T customer information,” the FCC said. Information related to 8.9 million AT&T wireless customers was exposed.

Phone companies are required by law to protect customer information, and AT&T should not have merely relied on third-party firms’ assurances that they destroyed data when it was no longer needed, the FCC said.

“AT&T used the vendor to generate and host personalized video content, including billing and marketing videos, for AT&T customers,” an FCC press release said. “Under AT&T’s contracts, the vendor should have destroyed or returned AT&T customer information when no longer necessary to fulfill contractual obligations, which ended years before the breach occurred. AT&T failed to ensure the vendor: (1) adequately protected the customer information, and (2) returned or destroyed it as required by contract.”

The data “remained in the vendor’s cloud environment for many years after it should have been deleted or returned to AT&T and was ultimately exposed” in the January 2023 breach, an FCC Enforcement Bureau order said.

Data should have been deleted in 2018

AT&T told the FCC that it shared customer data with the vendor between 2015 and 2017, and that data was supposed to be “securely destroyed or deleted” by 2018. The exposed data included “line count for all impacted customers, and bill balance and payment information and rate plan name and features for approximately one percent of impacted customers,” the FCC said.

AT&T told Ars today that the data “did not contain credit card information, Social Security Numbers, account passwords or other sensitive personal information.” AT&T said it notified customers of the breach in March 2023.

“AT&T stated that it monitored impacted customer accounts following the incident and identified no evidence of AT&T account-related fraud or other unlawful or unauthorized activity tied to the Breach,” the consent decree said. “According to AT&T, porting, SIM swap, and equipment fraud rates for impacted customers following the incident were consistently less than the rates for the general population of AT&T Mobility customers across all account types.”

When contacted by Ars, AT&T did not respond directly to the FCC’s allegation that it failed to ensure the vendor protected customer information. AT&T provided us with a statement saying, “A vendor we previously used experienced a security incident last year that exposed data pertaining to some of our wireless customers. Though our systems were not compromised in this incident, we’re making enhancements to how we manage customer information internally, as well as implementing new requirements on our vendors’ data management practices.”


AT&T sues Broadcom for refusing to renew perpetual license support

AT&T vs. Broadcom —

Ars cited in lawsuit AT&T recently filed against Broadcom.


AT&T filed a lawsuit against Broadcom on August 29 accusing it of seeking to “retroactively change existing VMware contracts to match its new corporate strategy.” The lawsuit, spotted by Channel Futures, concerns claims that Broadcom is not letting AT&T renew support services for previously purchased perpetual VMware software licenses unless AT&T meets certain conditions.

Broadcom closed its $61 billion VMware acquisition in November and swiftly enacted sweeping changes. For example, in December, Broadcom announced the end of VMware perpetual license sales in favor of subscriptions of bundled products. Combined with higher core requirements per CPU subscription, complaints ensued that VMware was getting more expensive to work with.

AT&T uses VMware software to run 75,000 virtual machines (VMs) across about 8,600 servers, per the complaint filed at the Supreme Court of the State of New York [PDF]. It reportedly uses the VMs to support customer service operations and for operations management efficiency.

AT&T feels it should be granted a one-year renewal for VMware support services, which it claimed would be the second of three one-year renewals to which its contract entitles it. According to AT&T, support services are critical in case of software errors and for upkeep, like security patches, software upgrades, and daily maintenance. Without support, “an error or software glitch” could result in disruptive failure, AT&T said.

AT&T claims Broadcom refuses to renew support and plans to terminate AT&T’s VMware support services on September 9. It asked the court to stop Broadcom from cutting VMware support services and for “further relief” deemed necessary. The New York Supreme Court has told Broadcom to respond within 20 days of the complaint’s filing.

In a statement to Ars Technica, an AT&T spokesperson said: “We have filed this complaint to preserve continuity in the services we provide and protect the interests of our customers.”

AT&T accuses Broadcom of trying to make it spend millions on unwanted software

AT&T’s lawsuit claims that Broadcom has refused to renew support services for AT&T’s perpetual licenses unless AT&T agrees to what it deems are unfair conditions that would cost it “tens of millions more than the price of the support services alone.”

The lawsuit reads:

Specifically, Broadcom is threatening to withhold essential support services for previously purchased VMware perpetually licensed software unless AT&T capitulates to Broadcom’s demands that AT&T purchase hundreds of millions of dollars’ worth of bundled subscription software and services, which AT&T does not want.

After buying VMware, Broadcom consolidated VMware’s offering from about 8,000 SKUs to four bundles, per Channel Futures. AT&T claims these subscription offerings “would impose significant additional contractual and technological obligations.” AT&T claims it might have to invest millions to “develop its network to accommodate the new software.”

VMware and AT&T’s agreement precludes “Broadcom’s attempt to bully AT&T into paying a king’s ransom for subscriptions AT&T does not want or need, or risk widespread network outages,” AT&T reckons.

In its lawsuit, AT&T claims “bullying tactics” were expected from Broadcom post-acquisition. Quoting Ars Technica reporting, the lawsuit claims that “Broadcom wasted no time strong-arming customers into highly unfavorable subscription models marked by ‘steeply increased prices[,]’ ‘refusing to maintain security conditions for perpetual license[d] [software,]’ and threatening to cut off support for existing products already licensed by customers—exactly as it has done here.”

“Without the Support Services, the more than 75,000 virtual machines operated by AT&T⸺impacting millions of its customers worldwide⸺would all be just an error or software glitch away from failing,” AT&T’s lawsuit says.

Broadcom’s response

In the lawsuit, Broadcom alleges that AT&T is not eligible to renew support services for a year because it believes AT&T was supposed to renew all three one-year support service plans by the end of 2023.

In a statement to Ars Technica, a Broadcom company spokesperson said:

Broadcom strongly disagrees with the allegations and is confident we will prevail in the legal process. VMware has been moving to a subscription model, the standard for the software industry, for several years – beginning before the acquisition by Broadcom. Our focus will continue to be providing our customers choice and flexibility while helping them address their most complex technology challenges.

Communications for Office of the President, first responders could be affected

AT&T’s lawsuit emphasizes that should it lose support for VMware offerings, communications for the Office of the President and first responders would be at risk. AT&T claims that about 22,000 of its 75,000 VMs relying on VMware “are used in some way to support AT&T’s provision of services to millions of police officers, firefighters, paramedics, emergency workers and incident response team members nationwide… for use in connection with matters of public safety and/or national security.”

When reached for comment, AT&T’s spokesperson declined to comment on AT&T’s backup plan for minimizing disruption should it lose VMware support in a few days.

Ultimately, the case centers on “multiple documents involved, and resolution of the dispute will require interpretation as to which clauses prevail,” Benjamin B. Kabak, a partner practicing in technology and outsourcing at the Loeb & Loeb LLP New York law firm, points out.


AT&T rebuked over misleading ad for nonexistent satellite phone calling

Remember 5GE? —

AT&T reluctantly adds disclaimer: “Satellite calling is not currently available.”


AT&T has been told to stop running ads that claim the carrier is already offering cellular coverage from space.

AT&T intends to offer Supplemental Coverage from Space (SCS) and has a deal with AST SpaceMobile, a Starlink competitor that plans a smartphone service from low-Earth-orbit satellites. But AST SpaceMobile’s first batch of five satellites isn’t scheduled to launch until September.

T-Mobile was annoyed by AT&T running an ad indicating that its satellite-to-cellular service was already available, and filed a challenge with the advertising industry’s self-regulatory system run by BBB National Programs. The BBB National Advertising Division (NAD) ruled against AT&T last month and the carrier appealed to the National Advertising Review Board (NARB), which has now also ruled against AT&T.

“It was not disputed that AT&T does not currently offer SCS coverage to its cellular customers… Therefore, the NARB panel recommended that AT&T discontinue the claim that SCS service is presently available to consumers or modify the claim to clearly and conspicuously communicate that SCS is not available at this time,” the NARB said in an announcement yesterday.

AT&T, which is also famous for renaming its 4G service “5GE,” reluctantly agreed to comply with the recommendation and released a new version of the satellite-calling commercial with more specific disclaimers. “AT&T supports NARB’s self-regulatory process and will comply with NARB’s decision… However, we respectfully disagree with NARB’s conclusion recommending that the commercial be discontinued or modified,” AT&T said in its statement on the decision.

The challenged advertisement, titled “Epic Bad Golf Day,” features actor Ben Stiller looking for a golf ball in various remote locations.

“The commercial near the end shows Mr. Stiller having finally caught up with his golf ball in a desert wasteland… He then places a cellular phone call to champion golfer Jordan Spieth, shown standing on a golf green, presumably so that Mr. Spieth can offer golfing advice,” the NARB ruling said. “An image in the commercial shows the call from Mr. Stiller to Mr. Spieth connecting through a satellite relay. Another visual shows Mr. Stiller’s phone stating that it is ‘Making satellite connection.’”

AT&T: Commercial shouldn’t be taken literally

AT&T’s appeal “points to a number of fanciful/ludicrous features of the commercial in Mr. Stiller’s golf ball odyssey to argue that reasonable consumers will not receive a message that satellite service is currently available, but will understand that AT&T is burnishing its brand by pointing to technological features currently under development,” the panel wrote.

T-Mobile countered “that the use of humor does not shield an advertiser from its obligation to ensure that claims are truthful and non-misleading,” and the NARB agreed.

“The panel views the humorous/fanciful nature of Mr. Stiller’s antics as a means of attracting the attention of viewers, but also as a means of emphasizing the utility of SCS technology—allowing for calls to be placed from remote locations not currently accessible to mobile service,” the industry self-regulatory group said. “The humor associated with Mr. Stiller’s golf misadventures does not cancel out the consumer communication that SCS service is currently available. In addition, the panel does not accept AT&T’s argument that the panel’s decision (or NAD’s decision being appealed) will interfere with the use of humor in advertising.”

The ad originally included small text that described the depicted satellite call as a “demonstration of evolving technology.” The text was changed this week to say that “satellite calling is not currently available.”

“Even assuming consumers will read [the disclaimer], one reasonable interpretation of ‘evolving technology’ is that the technology is currently available, albeit expected to improve in the future,” the NARB said.

The original version also had text that said, “the future of help is an AT&T satellite call away.” The NARB concluded that this “statement can be interpreted reasonably as stating that ‘future’ technology has now arrived. The next visual reinforces that message, as it shows Mr. Stiller communicating on a cell phone call while in a remote location, and the accompanying visual states ‘connecting changes everything,’ a message addressing the present, not the future.”

In the updated version of the ad, AT&T changed the text to say that “the future of help will be an AT&T satellite call away.”


Big Three carriers pay $10M to settle claims of false “unlimited” advertising

False advertising —

States obtain settlement, but it’s unclear whether consumers will get refunds.


T-Mobile, Verizon, and AT&T will pay a combined $10.2 million in a settlement with US states that alleged the carriers falsely advertised wireless plans as “unlimited” and phones as “free.” The deal was announced yesterday by New York Attorney General Letitia James.

“A multistate investigation found that the companies made false claims in advertisements in New York and across the nation, including misrepresentations about ‘unlimited’ data plans that were in fact limited and had reduced quality and speed after a certain limit was reached by the user,” the announcement said.

T-Mobile and Verizon agreed to pay $4.1 million each while AT&T agreed to pay a little over $2 million. The settlement includes AT&T subsidiary Cricket Wireless and Verizon subsidiary TracFone.

The settlement involves 49 of the 50 US states (Florida did not participate) and the District of Columbia. The states’ investigation found that the three major carriers “made several misleading claims in their advertising, including misrepresenting ‘unlimited’ data plans that were actually limited, offering ‘free’ phones that came at a cost, and making false promises about switching to different wireless carrier plans.”

“AT&T, Verizon, and T-Mobile lied to millions of consumers, making false promises of free phones and ‘unlimited’ data plans that were simply untrue,” James said. “Big companies are not excused from following the law and cannot trick consumers into paying for services they will never receive.”

States have options for using money

The carriers denied any illegal conduct despite agreeing to the settlement. In addition to payments to each state, the carriers agreed to changes in their advertising practices. It’s unclear whether consumers will get any refunds out of the settlement, however.

The settlement gives states leeway in how to use the payments from carriers. The payments can be used to cover “attorneys’ fees and other costs of investigation and litigation,” or can go toward “consumer protection law enforcement funds.”

States can use the payments for future consumer protection enforcement, consumer education, litigation, or a consumer aid fund. The money can also be used for “monitoring and potential enforcement” of the settlement terms “or consumer restitution,” the settlement says.

We asked James’ office about whether any consumer restitution is planned and will update this article if we get a response.

Advertising restrictions

The three carriers agreed that all advertisements to consumers must be “truthful, accurate and non-misleading.” They also agreed to the following changes, the NY attorney general’s office said:

  • “Unlimited” mobile data plans can only be marketed if there are no limits on the quantity of data allowed during a billing cycle.
  • Offers to pay for consumers to switch to a different wireless carrier must clearly disclose how much a consumer will be paid, how consumers will be paid, when consumers can expect payment, and any additional requirements consumers have to meet to get paid.
  • Offers of “free” wireless devices or services must clearly state everything a consumer must do to receive the “free” devices or services.
  • Offers to lease wireless devices must clearly state that the consumer will be entering into a lease agreement.
  • All “savings” claims must have a reasonable basis. If a wireless carrier claims that consumers will save using its services compared to another wireless carrier, the claim must be based on similar goods or services or differences must be clearly explained to the consumer.

The advertising restrictions are to be in place for five years.

T-Mobile provided a statement about the settlement to Ars today. “After nine years, we are glad to move on from this industry-wide investigation with this settlement and a continued commitment to the transparent and consumer-friendly advertising practices we’ve undertaken for years,” T-Mobile said.

AT&T and Verizon declined to comment individually and referred us to their lobby group, CTIA. “These voluntary agreements reflect no finding of improper conduct and reaffirm the wireless industry’s longstanding commitment to clarity and integrity in advertising so that consumers can make informed decisions about the products and services that best suit them,” the wireless lobby group said.

AT&T announces $7 monthly add-on fee for “Turbo” 5G speeds

AT&T is now charging mobile customers an extra $7 per month for faster wireless data speeds. AT&T says the Turbo add-on, available starting today, is “built to support high-performance mobile applications, like gaming, social video broadcasting and live video conferencing, with optimized data while customers are on the go.”

While Turbo “boosts all the high-speed and hotspot data on a user’s connection,” AT&T said the difference will be more noticeable for certain kinds of applications. For example, gaming applications using Turbo will experience “less freezing or stuttering and lower latency,” AT&T said.

The $7 charge is for each line. Adding Turbo to multiple lines on the same account requires paying the extra fee for each line. AT&T said that Turbo lets users “optimize their plan’s high-speed (premium) and hotspot data allotments” and provides better data performance “even during busy times on the network.”

Turbo is only available for 5G phones on certain “unlimited” plans. AT&T notes that “Turbo does not provide extra data” and that “if you exceed your existing allotments your normal network management applies.”

“On AT&T Unlimited Extra EL after 75GB, AT&T may temporarily slow data speeds if the network is busy,” the company says. “On each eligible plan, after you exceed your hotspot allotment, your hotspot speeds are slowed to a maximum of 128Kbps.”

People who pay extra for Turbo might want to look at their video settings. By default, AT&T limits video streaming to DVD quality, but customers can turn on high-definition video at the expense of using more data.

Quality of service

An article by The Mobile Report said that AT&T will differentiate between users who pay for Turbo and those who don’t with Quality of Service Class Identifiers, or QCIs. “We’re told that, basically, all eligible plans are now moved to QCI 8, and get the privilege of buying their way back into QCI 7,” the article said. QCI 6 is reportedly reserved for public safety professionals on the FirstNet service built by AT&T under a government contract.

AT&T confirmed to Ars today that Turbo “is assigned to a QCI to which some of our consumer traffic was previously assigned.” But AT&T said it has “materially modified it and increased network resources and relative weighting for AT&T Turbo traffic, thereby creating a higher level of performance than we’ve ever before offered to consumers.”

AT&T also said that QCIs “are simply a number assigned to a class of service,” and that the “treatment and performance of traffic in a particular class is affected by a range of variables that can be tuned to provide different experiences.” AT&T said that last summer, it “rationalized and streamlined how our plans are mapped to QCI levels” and that “these changes helped optimize network performance for our overall customer base.”

The current version of Turbo may be followed by other paid extras that enhance performance, as AT&T called it the “first step in modernizing and preparing our mobile network for future innovative use cases… Latency-sensitive applications will continue to need more enhanced network technologies to perform their best, so we plan to continue to advance and evolve AT&T Turbo.”

FCC fines big three carriers $196M for selling users’ real-time location data

The Federal Communications Commission today said it fined T-Mobile, AT&T, and Verizon $196 million “for illegally sharing access to customers’ location information without consent and without taking reasonable measures to protect that information against unauthorized disclosure.”

The fines relate to sharing of real-time location data that was revealed in 2018. The FCC proposed the fines in 2020, when the commission had a Republican majority, and finalized them today.

All three major carriers vowed to appeal the fines after they were announced today. The three carriers also said they discontinued the data-sharing programs that the fines relate to.

The fines are $80.1 million for T-Mobile, $57.3 million for AT&T, and $46.9 million for Verizon. T-Mobile is also on the hook for a $12.2 million fine issued to Sprint, which was bought by T-Mobile shortly after the penalties were proposed over four years ago.

Today, the FCC summarized its findings as follows:

The FCC Enforcement Bureau investigations of the four carriers found that each carrier sold access to its customers’ location information to “aggregators,” who then resold access to such information to third-party location-based service providers. In doing so, each carrier attempted to offload its obligations to obtain customer consent onto downstream recipients of location information, which in many instances meant that no valid customer consent was obtained. This initial failure was compounded when, after becoming aware that their safeguards were ineffective, the carriers continued to sell access to location information without taking reasonable measures to protect it from unauthorized access.

“Shady actors” got hold of data

The problem first came to light with reports of customer location data “being disclosed by the largest American wireless carriers without customer consent or other legal authorization to a Missouri Sheriff through a ‘location-finding service’ operated by Securus, a provider of communications services to correctional facilities, to track the location of numerous individuals,” the FCC said.

Chairwoman Jessica Rosenworcel said that news reports in 2018 “revealed that the largest wireless carriers in the country were selling our real-time location information to data aggregators, allowing this highly sensitive data to wind up in the hands of bail-bond companies, bounty hunters, and other shady actors. This ugly practice violates the law—specifically Section 222 of the Communications Act, which protects the privacy of consumer data.”

For a time after the 2018 reports, “all four carriers continued to operate their programs without putting in place reasonable safeguards to ensure that the dozens of location-based service providers with access to their customers’ location information were actually obtaining customer consent,” the FCC said.

The three carriers are ready to challenge the fines in court. “This industry-wide third-party aggregator location-based services program was discontinued more than five years ago after we took steps to ensure that critical services like roadside assistance, fraud protection and emergency response would not be disrupted,” T-Mobile said in a statement provided to Ars. “We take our responsibility to keep customer data secure very seriously and have always supported the FCC’s commitment to protecting consumers, but this decision is wrong, and the fine is excessive. We intend to challenge it.”

AT&T: Data breach affects 73 million or 51 million customers. No, we won’t explain.

“SECURITY IS IMPORTANT TO US” —

When the data was published in 2021, the company said it didn’t belong to its customers.

AT&T is notifying millions of current or former customers that their account data has been compromised and published last month on the dark web. Just how many millions, the company isn’t saying.

In a mandatory filing with the Maine Attorney General’s office, the telecommunications company said 51.2 million account holders were affected. On its corporate website, AT&T put the number at 73 million. In either event, compromised data included one or more of the following: full names, email addresses, mailing addresses, phone numbers, social security numbers, dates of birth, AT&T account numbers, and AT&T passcodes. Personal financial information and call history didn’t appear to be included, AT&T said, and data appeared to be from June 2019 or earlier.

The disclosure on the AT&T site said the 73 million affected customers comprised 7.6 million current customers and 65.4 million former customers. The notification said AT&T has reset the account PINs of all current customers and is notifying current and former customers by mail. AT&T representatives haven’t explained why the letter filed with the Maine AG lists 51.2 million affected and the disclosure on its site lists 73 million.

According to a March 30 article published by TechCrunch, a security researcher said the passcodes were stored in an encrypted format that could easily be decrypted. Bleeping Computer reported in 2021 that more than 70 million records containing AT&T customer data were put up for sale that year for $1 million. AT&T, at the time, told the news site that the amassed data didn’t belong to its customers and that the company’s systems had not been breached.

Last month, after the same data reappeared online, Bleeping Computer and TechCrunch confirmed that the data belonged to AT&T customers, and the company finally acknowledged the connection. AT&T has yet to say how the information was breached or why it took more than two years from the original date of publication to confirm that it belonged to its customers.

Given the length of time the data has been available, any damage resulting from the most recent publication is likely to be minimal. That said, anyone who is or was an AT&T customer should be on the lookout for scams that attempt to capitalize on the leaked data. AT&T is offering one year of free identity theft protection.

EPA expands “high priority” probe into AT&T, Verizon lead-contaminated cables

The Environmental Protection Agency (EPA) is expanding its investigation into potential risks posed by lead-covered cables installed nationwide by major telecommunications companies, The Wall Street Journal revealed in an exclusive report Thursday.

After finding “more than 100 readings with elevated lead near cables,” the EPA sent letters to AT&T and Verizon in December, requesting a meeting later this month, the Journal revealed. On the agenda, the EPA expects the companies to share internal data on their own testing of the cables, as well as details from any “technical reports related to the companies’ testing and sampling,” the WSJ reported.

The EPA’s investigation was prompted by a WSJ report published last July, alleging that AT&T, Verizon, and other companies were aware that thousands of miles of cables could be contaminating soils throughout the US, “where Americans live, work and play,” but did nothing to intervene despite the many public health risks associated with lead exposure.

In that report, tests showed that the telecom cables were likely the source of lead-contaminated soils because “the amount measured in the soil was highest directly under or next to the cables and dropped within a few feet.” WSJ also spoke to residents and former telecom employees in areas tested who had contracted illnesses commonly linked to lead exposure.

Immediately, WSJ’s report spurred lawmakers to demand a response from USTelecom—a telecommunications trade association representing companies accused—with Senator Ed Markey (D-Mass.) suggesting that telecom giants were seemingly committing “corporate irresponsibility of the worst kind.”

Since then, the EPA has followed up and developed “its own testing data” in West Orange, New Jersey, southwest Pennsylvania, and Louisiana—the same locations flagged by the WSJ. In all locations, the EPA found lead contamination exceeding the “current recommendation for levels of lead it believes are generally safe in soil where children play,” 400 parts per million, the WSJ reported. In West Orange, two testing sites found lead “at 3,300 parts per million or higher.”

According to the EPA, initial testing by a national working group led to a conclusion that none of these sites poses an immediate health risk or requires an emergency response, but that finding hasn’t stopped the probe. The EPA told the WSJ that it still needs to address unanswered questions to decide “whether further actions may be required to address risks from the lead-containing cables.”

“While some locations sampled show concentrations above screening levels for long term exposures, existing data is not sufficient to determine whether lead from the cables poses a threat, or a potential threat, to human health or the environment,” the EPA said in a Reuters report.

Companies maintain that evidence from their own testing has shown lead cables do not pose public health risks requiring remediation.

USTelecom, speaking on behalf of Verizon and other telecom companies, told the WSJ that “our industry has been engaging with the EPA and our companies look forward to meeting with the EPA to discuss agency and industry testing results. We will continue to follow the science, which has not identified that lead-sheathed telecom cables are a leading cause of lead exposure or the cause of a public health issue.”

AT&T told the WSJ that it “will continue to work collaboratively with the EPA as it undertakes its review of lead-clad telecommunications cables. We look forward to the opportunity to meet with the EPA to discuss recent testing and other evidence that contradicts the Wall Street Journal’s assertions.”

An EPA spokesperson, Nick Conger, told Bloomberg that there is no date set for the meeting yet.
