Supreme Court Upholds FCC Fines Over Telecom Sale of Customer Location Data
The U.S. Supreme Court ruled 8-1 that the Federal Communications Commission lawfully imposed nearly $200 million in penalties on major wireless carriers for improperly sharing customers’ location data. The decision upheld FCC forfeiture orders issued against AT&T, Verizon, and T-Mobile/Sprint, rejecting the companies’ argument that the agency’s penalty process violated their Seventh Amendment right to a jury trial. The Court agreed that FCC fine decisions are not final punishments on their own and can be enforced through the courts.
The case stemmed from findings that carriers sold access to sensitive location information to aggregators and failed to obtain valid customer consent or adequately safeguard the data. Investigators said the information was later misused by third parties, including bounty hunters, a rogue sheriff, and a government contractor that allegedly built a self-service tool allowing law enforcement agencies to obtain phone location data nationwide without a court order. The ruling preserves the FCC’s authority to investigate telecom privacy violations and pursue penalties over unlawful handling of subscriber location data.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Supreme Court upholds FCC telecom location-data fines
On 2026-06-04, the U.S. Supreme Court ruled 8-1 that the FCC lawfully imposed the fines against the telecommunications companies. The decision rejected arguments that the FCC forfeiture process violated the carriers’ Seventh Amendment right to a jury trial and preserved the agency’s authority to investigate carriers and seek court enforcement of penalties.
FCC fines major telecoms nearly $200 million over location-data sharing
In April 2024, the FCC imposed nearly $200 million in penalties on AT&T, Verizon, and T-Mobile/Sprint for sharing consumers’ location data without proper consent. The FCC said the carriers failed to obtain valid customer consent, did not adequately protect the data, and sold access to aggregators that passed it to third-party data brokers.
Senate investigation uncovers warrantless access to phone location data
A Senate investigation led by Sen. Ron Wyden found that a government contractor used purchased location data to build a self-service website that let law enforcement obtain phone location data nationwide without a court order. The investigation helped expose how telecom location data was being resold through aggregators and brokers.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
AT&T and Verizon lose Supreme Court case over fines for selling location data - Ars Technica
arstechnica.com
Open sourceSupreme Court rules FCC fines punishing telecom giants for sharing location data were legal | The Record from Recorded Future News
therecord.media
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Telecom providers face legal and regulatory fallout after major data breaches and service disruption
Comcast moved toward resolving litigation tied to its 2023 **Citrix Bleed**-linked breach, after a federal judge in Pennsylvania granted preliminary approval to a **$117.5M** settlement covering two dozen class actions. The incident was reported as potentially affecting **~30M** current and former customers; proposed relief includes **three years of credit/identity monitoring** plus either reimbursement of documented losses (up to **$10,000**) or a **$50** cash option, while Comcast continues to deny liability despite not opposing preliminary approval. Separately, South Korea’s **SK Telecom** rejected a government-affiliated consumer agency’s proposed compensation framework for a personal data leak, declining a plan that would pay **100,000 won (~$69.40)** per affected petitioner and potentially scale to a much larger total cost; the rejection leaves claimants to pursue individual civil suits. In a different telecom-related development not tied to a breach, the **FCC** opened a dedicated intake channel to collect customer reports as it investigates the **January 14 Verizon outage** that disrupted calling/texting for roughly **10 hours**, including impacts to **911** access; Verizon attributed the disruption to a software issue and offered customer credits.
Mar 21, 2026
US Scrutiny of Government Access to Commercial and Platform Location Data
US policymakers and courts are intensifying scrutiny of how law enforcement and federal agencies obtain and use location data, amid concerns that current practices can sweep in sensitive information about large numbers of people without adequate safeguards. More than 70 House and Senate Democrats urged DHS Inspector General **Joseph Cuffari** to investigate **ICE** for allegedly resuming **warrantless purchases of Americans’ location data**, including how the data is used, whether employee access is audited, and whether data governance controls exist. Lawmakers cited prior DHS OIG findings that **CBP, the Secret Service, and ICE** violated federal law by purchasing/using location data without warrants and lacked required privacy safeguards; the OIG previously recommended ICE halt use of commercial telemetry data until privacy assessments and compliance controls were implemented. In parallel, the US Supreme Court is poised to address the constitutionality of **geofence (“reverse search”) warrants**, with **Google** filing an amicus brief arguing the warrants are unconstitutional because they can identify all devices in a defined area/time window, capturing many non-suspects’ location data. Google noted it began storing Location History **on-device** in July 2025, limiting its ability to respond to geofence warrants going forward, but said the Court’s ruling could still affect other providers and historical requests; Google also reported objecting to **3,000+** geofence warrants in recent months. The case discussed involves **Okello Chatrie**, identified after police sought Google data placing devices near a 2019 bank robbery, and raises questions about the **third-party doctrine** and whether cloud-stored location data retains constitutional protections.
Apr 30, 2026
US Courts Scrutinize Law Enforcement Access to Digital Data via Device Searches and Geofence Warrants
A federal judge ordered the FBI to pause searching devices seized from *Washington Post* reporter Ellen Nakashima Natanson while the court considers claims that reviewing the contents would violate **First Amendment** protections for journalists and **attorney-client privilege**. The Post said the government refused to voluntarily refrain from reviewing the seized items pending judicial resolution, and argued the devices contain extensive journalistic work product, including tens of thousands of emails, interview recordings, story drafts, and encrypted **Signal** communications with more than 1,100 sources. Separately, the US Supreme Court agreed to hear a case challenging whether **geofence warrants**—orders compelling companies (often Google) to provide location data for devices present in a defined area during a specific time—are constitutional under the **Fourth Amendment**. The case arises from the prosecution of Okello Chatrie, where police used a geofence request to obtain anonymized location data near a robbery scene and then narrowed it to subscriber information; the petition highlights rapid growth in geofence requests and argues the practice is increasingly common despite inconsistent lower-court rulings and limited judicial guidance for balancing investigative needs against user privacy.
Mar 21, 2026