Telecom giant AT&T is warning consumers about a data breach involving an insider who illegally accessed customers personal information on an unknown amount of users. Compromised data includes social security numbers and driver’s license numbers.
In a letter sent to the Vermont attorney general, AT&T said the breach occurred back in August, and that the employee was able to access account information on AT&T customers.
“We recently determined that one of our employees violated our strict privacy and security guidelines by accessing your account without authorization in August 2014, and while doing so, would have been able to view and may have obtained your account information including your social security number and driver’s license number. Additionally, while accessing your account, the employee would have been able to view your Customer Proprietary Network Information (CPNI), without proper authorization,” said Michael A. Chiarmonte, director of finance billing operations at AT&T, in a letter to the Vermont attorney general.
The customer proprietary network information Chiarmonte referred to in the letter includes data that relates to the services customers buy from the company, AT&T in this case. AT&T’s investigation team believes the rogue employee may have misused some of the stolen credentials during the time of the breach. In the company’s letter, AT&T has not made it clear how many customers have been affected in the breach or which states may have been targeted in the inside data breach.
As common with large scale high-profile data breaches, AT&T is offering affected customers a year of free credit monitoring services. AT&T has also urged affected customers to change their AT&T password.
Just last June we saw AT&T suffer a data breach caused by three of its vendor employees who accessed customer data to gain unlock codes from the company. Customer data was not financially misused at the time, but vendors still had access to large portions of sensitive user data.
“On behalf of AT&T, please accept my sincere apology for this incident,” Chiarmonte wrote in the letter. Chiarmonte also confirmed the employee has since been terminated.