In another reminder that threats can come from the inside, AT&T is now telling its customers that it suffered a data breach in August in which an insider illegally accessed its customers' personal information.
The carrier confirmed to Light Reading that the data breach did happen, affecting a limited number of customers that it has contacted by mail. A now-fired employee illegally tapped into consumers' personal data, including Social Security numbers, driver's license numbers and Customer Proprietary Network Information (CPNI), which is data related to the services a customer purchases from AT&T Inc. (NYSE: T).
"We take our customers’ privacy very seriously and value the trust they have in us," an AT&T spokesman said in an emailed statement. "Unfortunately, we recently learned that one of our employees did not follow our strict privacy rules and inappropriately obtained some customer information. This individual no longer works at AT&T, and we are directly contacting the limited number of affected customers."
In response to the breach, AT&T is offering affected customers a year of free credit monitoring and is refunding any nefarious charges made on their behalf.
This isn't the first time a data breach has occurred within AT&T. Back in June, three employees of one of its vendor partners accessed some of its customers' accounts to get unlock codes for their devices.
AT&T Chief Security Officer Ed Amoroso said last month at the carrier's security conference that -- in addition to technology measures -- the best way to protect your company is by "training your employees not to do dumb stuff." Of course, weeding out the potential criminals in the bunch is also important, albeit a little harder to do. (See AT&T's Amoroso: To Battle New Threats, Mobilize Your People.)
— Sarah Reedy, Senior Editor, Light Reading