More than a year and a half after wireless carriers were caught red-handed selling the real-time location data of their customers to anyone willing to pay for it, the FCC has determined that they committed a crime. An official documentation of exactly how these companies violated the law is forthcoming.

FCC Chairman Ajit Pai shared his finding in a letter to Congressman Frank Pallone (D-NJ), who chairs the Energy and Commerce Committee that oversees the agency, and others in the House. Rep. Pallone and his colleagues have been active on this and prodded the FCC for updates throughout last year, eventually prompting today’s letter.

“I wish to inform you that the FCC’s Enforcement Bureau has completed its extensive investigation and that it has concluded that one or more wireless carriers apparently violated federal law,” Pai wrote.

Extensive it must have been, since we first heard of this egregious breach of privacy in May of 2018, when multiple reports showed that every major carrier (including TechCrunch’s parent company Verizon) was selling precise location data wholesale to resellers who then either resold it or gave it away. It took nearly a year for the carriers to follow through on their promises to stop the practice. And now, 18 months later, we get the first real indication that regulators took notice.

“It’s a shame that it took so long for the FCC to reach a conclusion that was so obvious,” said Commissioner Jessica Rosenworcel in a statement issued alongside the chairman’s letter. She has repeatedly brought up the issue in the interim, seemingly baffled that such a large-scale and obvious violation was going almost completely unacknowledged by the agency.

Commissioner Brendan Starks echoed her sentiment in his own statement: “These pay-to-track schemes violated consumers’ privacy rights and endangered their safety. I’m glad we may finally act on these egregious allegations. My question is: what took so long?”

Chairman Pai’s letter explains that “in the coming days” he will be proposing a “Notice of Apparent Liability for Forfeiture,” for several of them. This complicated-sounding document is basically the official declaration, with evidence and legal standing, that someone has violated FCC rules and may be subject to a “forfeiture,” essentially a fine.

Right now that is all the information anyone has, including the other commissioners, but the arrival of the notice will no doubt make things much clearer — and may help show exactly how seriously the agency took this problem and when it began to take action.

Representative Pallone issued the following statement after receiving the letter:

Following our longstanding calls to take action, the FCC finally informed the Committee today that one or more wireless carriers apparently violated federal privacy protections by turning a blind eye to the widespread disclosure of consumers’ real-time location data. This is certainly a step in the right direction, but I’ll be watching to make sure the FCC doesn’t just let these lawbreakers off the hook with a slap on the wrist.

Disclosure: TechCrunch is owned by Verizon Media, a subsidiary of Verizon Wireless, but this has no effect on our coverage.