Telecommunications giant AT&T confirmed this week that several employees of one of its vendors gained unauthorized access to customer information including date of birth, Social Security number, and service usage in April, but the company has provided few other details.
AT&T reported the data breach to the California Attorney General’s office, providing a sample customer notification letter that revealed that an unidentified service provider’s employees accessed information in an apparent effort to obtain codes to “unlock” mobile phones to activate service with other telecommunications providers. The breach occurred between April 9 and April 21, AT&T reported.
The firm’s letter to customers explained that the hackers would also have been able to view “Customer Proprietary Network Information” while accessing accounts.
AT&T apologized to customers, noting, “Simply stated, this is not the way we conduct business, and as a result, our service provider has notified us that these individuals no longer work for them.
The letter told customers that they will provide one year of free credit monitoring and advised them to change account passcodes.
AT&T’s media representatives failed to respond to requests for comment from Advisen. No additional statements have been released on the company’s corporate website, nor has AT&T announced how many customer accounts were affected, or whether the firm can contractually hold its vendor responsible for the data breach. It also did not say when it discovered the breach, which occurred two months ago.
Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].
