AT&T Chicago store (interior 001)

AT&T confirmed on Monday that it suffered a data breach in August, carried out by one of its own employees. In a letter to Vermont’s attorney general, officials for the carrier said a former staffer accessed customer account information, including Social Security and driver’s license numbers.

Additionally, the company notes that the insider viewed Customer Proprietary Network Information (or CPNI), which includes metadata such as time, duration and destination of phone calls. It would not identify, however, how many of its customer accounts were affected by the breach.

The individual responsible for the incident [obviously] no longer works for AT&T, and law enforcement officials have been notified. The carrier has also alerted those whose information may have been compromised, and is offering them a free one-year subscription to a credit monitoring service.

AT&T is currently the second largest wireless carrier in the US, behind Verizon, and this is the second time this year it’s admitted to suffering a security breach. In June, it confirmed that an unknown number of customer accounts were accessed by a third party vendor in search of unlocking codes.

[Threatpost]

  • A’s Network

    Dang… at least AT&T is being honest here and is giving people who could be affected a free year subscription to a credit monitoring service.

    I think Employees shouldn’t have all of this information and only the top most executives should… or everything should be securely computerized…

    • RuddyN

      Of course they have to be honest about it… Could you imagine the number of lawsuits if they didn’t offer this credit monitoring? Still, I imagine there will be many.
      And let me get this straight.. So you only want the top most executives to handle customer service? Are you kidding me? How do you think they verify someone over the phone when they’ve forgotten their password/security questions? That’s right, social security number, among other information. You don’t think everything is securely computerized? Yes, because whenever someone calls and it gets transferred to another country, they just so happen to have every subscribers file in a cabinet right near their desk. For all we know, it could have been the manager of their system security. We don’t know anything of this employee.

    • Jonathan

      If I remember correctly, Home Depot offered the same thing for those possibly affected by their security breach.

    • Sound_Mind24

      Secure, nothing is 100%. Look at chase bank been hack on last Thrusday.

  • Eric

    Has there been any mention of this affects only a small number of customers or is this all customers?

    I’m shocked there isn’t a security protocol in place that needs double or triple authentication when someone is accessing, let alone downloading, sensitive information of this nature.

  • Deidre Melton

    If i am maybe not mistaken (and i could be) if you get these update applications from your own carrier it’s additional on top of your regular statement also.