The personal information of an unknown number of AT&T customers was illegally accessed by an employee, prompting the company to send out a warning letter and fire the employee.
In a letter published online by Vermont’s Attorney General, the company said that an employee gained unauthorized access to private customer information. The letter, which was signed by Michael A. Chiaramonte, director of finance billing operations, did not specify how many customers may be at risk. Quoting sources familiar with the matter, however, the Register’s Shaun Nichols reports that around 1,600 accounts were involved.
“We recently determined that one of our employees violated our strict privacy and security guidelines by accessing your account without authorization in August 2014, and while doing so, would have been able to view and may have obtained your account information, including your social security number and driver’s license number,” AT&T’s letter said.
The letter also said the rogue insider would have gained access to Customer Proprietary Network Information (CPNI), “information related to the telecommunications services you purchased from us,” clarified AT&T.
A company spokesperson told Re/code that law enforcement was involved and that affected customers were being contacted directly. Any unauthorized charges will be reversed, AT&T added. Customers are also being offered one year of credit monitoring.
Questions remain about why it’s necessary for AT&T to store the Social Security Numbers and driver’s license numbers of their customers.
AT&T did not immediately respond to a request for comment.
H/T ThreatPost | Photo via las – initially/Flickr (CC by 2.0)