Mobile security

AT&T Apologizes for Insider Data Breach

In another reminder that threats can come from the inside, AT&T is now telling its customers that it suffered a data breach in August in which an insider illegally accessed its customers' personal information.

The carrier confirmed to Light Reading that the data breach did happen, affecting a limited number of customers that it has contacted by mail. A now-fired employee illegally tapped into consumers' personal data, including Social Security numbers, driver's license numbers and Customer Proprietary Network Information (CPNI), which is data related to the services a customer purchases from AT&T Inc. (NYSE: T).

"We take our customers’ privacy very seriously and value the trust they have in us," an AT&T spokesman said in an emailed statement. "Unfortunately, we recently learned that one of our employees did not follow our strict privacy rules and inappropriately obtained some customer information. This individual no longer works at AT&T, and we are directly contacting the limited number of affected customers."

For more on important security topics, be sure to attend Light Reading's Mobile Network Security Strategies Show on December 3 in NYC.

In response to the breach, AT&T is offering affected customers a year of free credit monitoring and is refunding any nefarious charges made on their behalf.

This isn't the first time a data breach has occurred within AT&T. Back in June, three employees of one of its vendor partners accessed some of its customers' accounts to get unlock codes for their devices.

AT&T Chief Security Officer Ed Amoroso said last month at the carrier's security conference that -- in addition to technology measures -- the best way to protect your company is by "training your employees not to do dumb stuff." Of course, weeding out the potential criminals in the bunch is also important, albeit a little harder to do. (See AT&T's Amoroso: To Battle New Threats, Mobilize Your People.)

— Sarah Reedy, Senior Editor, Light Reading

sam masud 10/8/2014 | 2:06:10 PM
Re: monitoring These credit monitoring "services" are a pain in the derriere and, as you rightly point out, a loan request can raise red flags. Frankly, I don't understand why there is not a law that requires these companies to proactively notify people if for some reason they lower your credit rating. Instead of grandma bell notifying a "limited number of affected customers" about the breach, ATT and any other businesses should  be required to also notify the credit reporting companies--rather than having customers go through the hassle of protecing their credit score when they are not at fault.


Ariella 10/8/2014 | 9:52:58 AM
Re: monitoring @kq4ym do they usually have motives beyond using the credit cards? 
kq4ym 10/8/2014 | 8:35:16 AM
Re: monitoring Although we hear of the data breaches with regularity, I've not heard much in the press about the results of the breaches. Just what percentage of customers might have encountered a problem with their credit cards or credit reports. I'm guessing it's a very small number. Or in this case, it was admitted the employee was caught accessing the data, but not reported what his motive was.
KBode 10/7/2014 | 1:10:09 PM
Re: Changed process They didn't specify.

As carriers get into debit card services and location tracking, can you imagine the treasure trove of personal data that's starting to accumulate at these companies? We (and they) had better hope their security standards are up to snuff.
Mitch Wagner 10/7/2014 | 11:05:23 AM
Changed process Do we know whether AT&T has changed its hiring process to protect against further breaches of this type?
Ariella 10/7/2014 | 10:20:37 AM
Re: monitoring @mhhf1ve agreed, they're not all that useful. A credit card I used to have was quite vigilant itself -- sometimes a bit too vigilant. My husband and I each had cards for the account. One day we both got gas at the same station at different times. That caused the account to temporarily freeze because it iwas noted as a red flag. 
mhhf1ve 10/6/2014 | 10:37:20 PM
Re: monitoring Credit monitoring services, though, are not exactly effective against preventing further offenses to your credit or identity. They can only attempt to track suspicious activity -- and in doing so, usually make it much more annoying to go about your normal practices. (Eg. many of these credit monitoring services raise a flag for loan requests, so they you have to jump through extra hoops to obtain a loan, which is good in a way, but also very annoying if you didn't have to do it in the first place).
Ariella 10/6/2014 | 7:43:00 PM
monitoring "In response to the breach, AT&T is offering affected customers a year of free credit monitoring "

That seems to be a standard offer, just the year is a  bit longer than standard. . I recall seeing HomeDepot offer 6 months of credit monitoring, and I think Target offered the same.
Sign In