Personal information from customers compromised by insider breach breach at AT&T

AT&T is offering an apology and a free year's worth of credit monitoring services to customers who may have been affected by a security breach. Unlike recent breaches at retailers like Target and Home Depot, AT&T's was done by an insider who had illegally accessed personal information from subscribers, including Social Security numbers and driver's license information. The breach affects an unspecified number of AT&T accounts and was believed to happen in August 2014.

In a letter to Vermont's Attorney General, AT&T director of finance billing operations Michael Chiarmonte wrote:

We recently determined that one of our employees violated our strict privacy and security guidelines by accessing your account without authorization in August 2014, and while doing so, would have been able to view and may have obtained your account information including your social security number and driver's license number. Additionally, while accessing your account, the employee would have been able to view your Customer Proprietary Network Information (CPNI), without proper authorization.

The carrier said that it is reaching out to customers who may have been affected by the breach. AT&T is quick to point out that it is working with law enforcement officials and that the responsible employee is no longer a part of the AT&T organization.

In a note to Re/Code, spokesman Mark Siegel said that the breach only affected "a limited number of customers," though he did not specify how many were impacted.

AT&T said that unauthorized charges will be reversed and that customers should change their passwords on accounts.

Have you received notice from AT&T?

Source: Threat Post, Re/Code