AT&T Chicago store (interior 001)

AT&T confirmed on Monday that it suffered a data breach in August, carried out by one of its own employees. In a letter to Vermont’s attorney general, officials for the carrier said a former staffer accessed customer account information, including Social Security and driver’s license numbers.

Additionally, the company notes that the insider viewed Customer Proprietary Network Information (or CPNI), which includes metadata such as time, duration and destination of phone calls. It would not identify, however, how many of its customer accounts were affected by the breach.

The individual responsible for the incident [obviously] no longer works for AT&T, and law enforcement officials have been notified. The carrier has also alerted those whose information may have been compromised, and is offering them a free one-year subscription to a credit monitoring service.

AT&T is currently the second largest wireless carrier in the US, behind Verizon, and this is the second time this year it’s admitted to suffering a security breach. In June, it confirmed that an unknown number of customer accounts were accessed by a third party vendor in search of unlocking codes.

[Threatpost]