The US Federal Communications Commission (FCC) found a nationwide outage on AT&T’s wireless network on 22 February blocked more than 92 million phone calls and prevented more than 25,000 emergency calls.

In a report, the FCC stated the outage, which lasted at least 12 hours, impacted all 50 US states as well as Washington, DC, Puerto Rico, and the U.S. Virgin Islands.

All voice and 5G data services for AT&T wireless customers were unavailable during the incident, impacting more than 125 million devices. Those same services were also inaccessible to MVNOs that rely on AT&T’s network.

The disruption took down service to the devices operated by public safety users of FirstNet, which is a public-private partnership between the federal government and AT&T. The FCC noted that while AT&T prioritised restoration of FirstNet services, it neglected to tell customers about the outage until three hours after it started.

It began after AT&T implemented a network change with an equipment configuration error. That configuration error caused the network to enter “protect mode” to prevent impact on other services while disconnecting all devices.

“When you sign-up for wireless service, you expect it will be available when you need it – especially for emergencies,” said FCC chair Jessica Rosenworcel stated.We take this incident seriously and are working to provide accountability for this lapse in service and prevent similar outages in the future.” 

Based on its five-month investigation, the FCC stated it referred the incident to its Enforcement Bureau for potential violations of FCC rules.

The report also “highlights the need for network operators to adhere to their internal procedures and industry best practices when implementing network changes”.

Those measures include implementing sufficient network controls to mitigate configuration errors, so they do not escalate and disrupt network operations. The FCC also noted the need for having systems and procedures in place with enough capacity to facilitate prompt recovery from large-scale outages.

TracFone settlement
The FCC also announced it reached a $16 million settlement with Verizon-owned TracFone Wireless to resolve investigations on whether it failed to reasonably protect its customers’ information.

The settlement with the prepaid company is related to three data breaches that included exploiting API vulnerabilities between January 2021 and January 2023. Those breaches exposed the sensitive personal information of customers. 

Loyaan A. Egal, chief of the FCC Enforcement Bureau and chair of the Privacy and Data Protection Task Force, stated “API security is paramount and should be on the radar of all carriers”.