One or more wireless carriers violated federal law by failing to protect sensitive customer information like real-time data location, FCC Chairman Ajit Pai confirmed today in letters sent to Congress as part of a wireless location investigation [PDF].

As noted by Bloomberg, Pai's letter comes after the U.S. Committee on Energy and Commerce in November accused the FCC of "failing in its duty to to enforce the laws Congress passed to protect consumers' privacy."

The accusation was referring to major wireless carriers disclosing real-time consumer location information to third-party data services, with data services then selling that sensitive info to a variety of companies without customer consent.

The location selling practices surfaced last year after Motherboard reported that Sprint, AT&T, and T-Mobile were selling subscriber geolocation data to third-party companies like LocationSmart and Zumigo, with those companies then passing it along to bounty hunters, bail bondsmen, and more.

The FCC's letter confirms that one or more wireless carriers violated the law by sharing location data with third-party services, though it does not specify which carriers have done so. Verizon, AT&T, Sprint, and T-Mobile have all been questioned about their data selling practices in the past.

Pai says that he's committed to ensuring that carriers comply with the Communications Act and the FCC's rules, and the carriers that have been found in violation of the law could be facing fines.