AT&T Reports Third-Party BreachEmployees of Vendor Accessed Customers' Accounts
AT&T is notifying an undisclosed number of its customers that their personal information was compromised after three employees of a third-party service provider accessed customer accounts without authorization.
See Also: The Global State of Online Digital Trust
From April 9-21, the employees of the vendor were able to view AT&T customers' Social Security numbers and possibly their dates of birth, the company says in a notification letter sent to the California Attorney General's office.
The employees were also able to view Customer Proprietary Network Information without proper authorization, AT&T says. "CPNI is information related to the telecommunications services you purchase from us," the company says.
AT&T says the vendor's employees most likely accessed customer accounts as part of an effort to request codes from AT&T that are used to unlock AT&T mobile phones in the secondary mobile phone market, so that those devices can then be activated with other telecommunications providers.
AT&T spokesman Marty Richter, in a statement to Information Security Media Group, says the company has taken several steps following the incident, including notifying affected customers and reporting the matter to law enforcement. "This [incident] is completely counter to the way we require our vendors to conduct business," Richter says. "We know our customers count on us and those who support our business to act with integrity and trust, and we take that very seriously."
Affected individuals are being offered free credit monitoring services for one year. AT&T is also recommending that customers contact the major credit reporting agencies to place a fraud alert on their credit report. Additionally, the company is advising customers should change their passcodes on their accounts.