Verizon and AT&T vowed to sever ties with location aggregators after a third party improperly gained access to a wireless subscriber’s location information.

The moves come in response to a query from US Senator Ron Wyden, who questioned the nation’s top four wireless operators about their privacy practices after learning prison phone company Securus Technologies allowed law-enforcement agencies to track subscribers without judicial authorisation. Securus Technologies purchased the location information from data broker LocationSmart.

In a letter to Wyden, Verizon said LocationSmart and fellow aggregator Zumigo shared customer location data with around 75 third parties.

Location information is used by companies to provide a number of services, including roadside assistance, bank fraud protection, proximity marketing and mobile gaming. But Verizon said Securus Technologies’ use of the information for “investigative purposes” was not permitted by its agreement with LocationSmart.

AT&T, Verizon and T-Mobile US all told Wyden they blocked Securus Technologies’ access to customer location data as soon as they were made aware of the misuse. Sprint did not mention Securus by name in its response but noted it “maintains the contractual right to immediately suspend or terminate access to location information” if third parties don’t abide by the terms of its user agreements.

Verizon went on to say it would terminate its existing contracts with LocationSmart and Zumigo “as soon as possible” and will “not enter into new location aggregation arrangements unless, and until, we are comfortable that we can adequately protect our customers’ location data through technological advancements and/or other practices.”

In a separate statement to Associated Press, AT&T said it would also halt the sale of customer location data to aggregators.

The news comes in the context of heightened public scrutiny of data privacy practices in the wake of Facebook’s Cambridge Analytica scandal.