Sprint has sent letters to thousands of its customers informing them that a former employee compromised their personal account data over the course of two months in 2008 and 2009. Brian Krebs [Security Fix] says that the company mailed warnings to several thousand customers and that the breach could have been far worse had Sprint not recently upgraded its security controls.
Sprint spokesman Matt Sullivan declined to say how many customers were sent the letters, but said it was less than one percent of its customer base. A woman who answered the phone at the 800 number set up to handle this incident said “several thousand” customers were affected.
The breach may have exposed more sensitive information had Sprint not recently put in place some protections around that data.
“We implemented a billing platform about a year ago that has advanced security features designed to catch things like an employee accessing information that they shouldn’t be,” Sullivan said. “That platform limits information that employees can access, such as Social Security numbers, and any sort of payment information.”