AT&T Employee Illegally Accessed Private Customer Data

AT&T has just acknowledged that it had a data leak, but unlike most security breaches, this one happened from within its own ranks. In a letter to affected customers, the US carrier informed them that an employee violated the company's strict privacy and security guidelines and obtained customer account information, which unfortunately includes Social Security and driver's license numbers.

According to AT&T's letter to customers as well as to the Vermont attorney general, the unauthorized access took place around August this year. It doesn't mention the number of affected users, which is said to be around 1,600, but does list some of the information that the employee was able to obtain, including the customer's CPNI, or Customer Proprietary Network Information, which refers to the services that AT&T's customers subscribe to. In other words, the employee obtained almost everything that can be used for fraud or identity theft.

Unlike recent incidents that have involved companies such as Target, Home Depot, or even Apple, the incident wasn't initiated by an external party or hackers trying to break in and obtain information. This was completely internal and involves a wayward employee, who of course remains unnamed. Nevertheless, this is definitely a huge PR fallout for the carrier considering the severity of the situation and the nature of the stolen information. Needless to say, the employee has been duly fired and there will undoubtedly be criminal charges involved.

All that AT&T could do was say sorry and give some amount of recompense. AT&T finance billing operations director Michael A. Chiarmonte made the formal apology and insisted that this is not how the company conducts its business. AT&T will be giving affected subscribers one year of free credit monitoring. It also recommends that users change their passwords, which might seem almost too trivial considering that unchangeable SSNs were stolen as well.

VIA: Re/code, Threatpost