AT&T is warning consumers about a data breach involving an insider who illegally accessed the personal information of an unspecified number of users. The compromised data includes Social Security numbers and driver’s license numbers.

In a letter sent to the Vermont attorney general, AT&T officials said that the breach occurred in August and that the employee in question also was able to access account information for AT&T customers.

“We recently determined that one of our employees violated our strict privacy and security guidelines by accessing your account without authorization in August 2014, and while doing so, would have been able to view and may have obtained your account information including your social security number and driver’s license number. Additionally, while accessing your account, the employee would have been able to view your Customer Proprietary Network Information (CPNI), without proper authorization,” said Michael A. Chiarmonte, director of finance billing operations at AT&T, in a letter to the Vermont AG.

The CPNI he referred to in the letter includes data that’s related to the services that consumers buy from the company. Chiarmonte said in the letter that the employee responsible for the breach no longer works for AT&T. It’s not clear from AT&T’s disclosure how many consumers have been affected by the breach or which other states may have citizens who are affected.

As a result of the breach, AT&T is offering affected customers a year of free credit monitoring, as has become customary in these incidents. The company also is recommending that customers change the passwords on their accounts.

“On behalf of AT&T, please accept my sincere apology for this incident,” Chiarmonte said in the letter.

Image via the Flickr photo stream of Mike Mozart


Comments (13)

  1. Stephen King
    2

    It would be nice if we had more detail. So what if this person accessed my information and broke your company policy. I’m more interested in his intent. Did he copy it, steal it, download it, take it home, i.e. criminal intent etc? Or, was he just being nosy in the office? In other words, did he give/sell/conspire my data away to other third parties?

  2. c lange
    3

    I for one would like to clearly know if this employee is a vendor for Att (which means it could be any country anywhere)

  3. Laoni
    6

    I haven’t received anything from at&t on this matter yet…how do we know exactly who was/is affected by this

  4. MalcolmTucker
    7

    It seems that AT&T customers may be better off with a different company. As an example, when you bring your AT&T phone to T-Mobile, you get a better rate and T-Mobile never asks you for a SSN number. They don’t collect your SSN if you bring your own device; there’s nothing that can be breached.

    Still, it’s baffling because customers don’t have the ability to make good hiring decisions at AT&T, and AT&T has to put out a public statement.

    This public statement, in the form of a letter on AT&T letterhead sent to the Vermont Attorney General, signed by a Director of Billing Operations goes a long way to let everyone know AT&T still has billing related problems.

    All this time, I thought the only problems at AT&T were home/corded phone rentals (after 1984), billshock and questionable USF service fees (started being collected in 1898) to pay for the Spanish-American war, and other “access fees”.

    Overall, I think it’s classy that AT&T decided to run the letter by its legal department; and they thought it was a good enough letter to file a copyright. 🙂

    So yes, if you value your privacy, it is definitely wiser to do business with a company that doesn’t collect your SSN as a requisite requirement to sell utility service. There’s nothing that can be breached.

    • Brian Donohue
      9

      Very sorry about that. We’re usually on point about attributing images. We must have used this picture before and just pulled it from the previous story without carrying over the attribution information. (We may actually replace this with a clearer pic from your photo stream).

      Thanks,

      Brian.

  5. Steve Sommers
    11

    Ignoring the security measures that were or were not in place, why does AT&T need to store people’s social security numbers?

  6. jig
    12

    Not sure if I can trust #AT&T anymore. They do certain things without informing their customers and then take forever to resolve the issue. They have disconnected my unlimited data plan and gave me a date for resolution. It’s past that date and it still has not been resolved yet. Instead they are saying that there might be a chance that I might not get the plan back. And every time I speak with different customer service, they each give me different answers. Seems to me like the company needs to train their employees and have them have the right answer and not just “I think you might” since it is their responsibility to know and have the details for the customers.
