AT&T suffers insider data breach, including Social Security and driver’s license numbers

BY Joe Rossignol

Published 7 Oct 2014

att-logo-big1

AT&T on Monday issued a warning to consumers about an insider that illegally accessed the personal information of an unspecified amount of users. In a letter to the Vermont attorney general, the U.S. carrier apologized for the incident and assured that the employee no longer works for AT&T. The carrier is offering one free year of credit monitoring service to affected customers.

AT&T claims that an employee violated the company’s strict privacy and security guidelines by accessing the account information of customers during August 2014. This data includes, but is not limited to, Social Security numbers and driver’s license numbers. The employee was also able to view Customer Proprietary Network Information (CPNI) without proper authorization.

Kaspersky Lab security news service Threatpost has shared the following excerpt from the letter:

“We recently determined that one of our employees violated our strict privacy and security guidelines by accessing your account without authorization in August 2014, and while doing so, would have been able to view and may have obtained your account information including your social security number and driver’s license number. Additionally, while accessing your account, the employee would have been able to view your Customer Proprietary Network Information (CPNI), without proper authorization,” said Michael A. Chiarmonte, director of finance billing operations at AT&T, in a letter to the Vermont AG.

Customer Proprietary Network Information (CPNI) includes data related to the services purchased from AT&T by customers.

AT&T recommends that customers change their usernames and passwords as a precautionary measure.

[via Threatpost]