The FCC announced yesterday that they and AT&T have come to a 25 million dollar settlement after AT&T call centers in Colombia, Mexico, and the Philippines stole and sold the private data, including social security numbers, of over 250,000 American customers.

According to the FCC, employees at these off-shore call centers stole the information in order to sell it to third-party criminals. The breach was so huge that the FCC has characterized their action against AT&T as the “largest privacy and data security enforcement action to date.”

Judging from the FCC’s announcement, this appears to have been a concerted effort across these three call centers. In addition to the multi-million dollar settlement, AT&T will be forced to beef up its data security given how easy it apparently is currently for employees to steal customer information.

All told, it’s been a banner year for fines and enforcement at the FCC and a bad year for corporate compliance with existing rules and statutes. Sprint was forced to pay 7.5 million dollars for not honoring customer’s do-not-call requests and Verizon had to pay 7.4 million for illegally marketing products to customers without their permission or knowledge (likely selling their information to marketers). These and other violations mean that the FCC has levied over 50 million in fines against corporations violating the law.

AT&T agreed to notify those affected by the breach as a term of their settlement with the FCC.