AT&T (NYSE: T) said it fired an employee who gained unauthorized access to personal information on around 1,600 customers, including their Social Security and driver's license numbers. Nearly all of the customers affected were wireless customers, according to AT&T.
The company said the unauthorized privacy breach occurred in August and that it only recently learned of the incident. The company said in a letter sent to affected customers that any unauthorized charges or changes to customers' accounts will be reversed, and that AT&T will offer up to a year of free credit monitoring for affected subscribers.
AT&T also said the employee would have also been able to view subscribers' customer proprietary network information (CPNI). CPNI includes the phone numbers of the caller and those the subscriber called, the duration of calls, the location at the beginning and end of calls and other similar information. As a result, AT&T said it had notified federal law enforcement authorities about the breach, as required by FCC regulations.
"We take our customers' privacy very seriously and value the trust they have in us," AT&T said in a statement sent to multiple news outlets. "Unfortunately, we recently learned that one of our employees did not follow our strict privacy rules and inappropriately obtained some customer information. This individual no longer works at AT&T and we are directly contacting the limited number of affected customers."
"On behalf of AT&T, please accept my sincere apology for this incident," AT&T's Michael Chiaramonte, AT&T's director of financial billing operations, wrote in the letter, which was posted to the Vermont Attorney General's website. "Simply put, this is not the way we conduct business and, as a result, this individual no longer works for AT&T."
As the New York Times notes, AT&T's incident does not affect nearly as many people as the recent hacking attacks against companies like Home Depot and Target, which involved tens of millions of customer accounts. However, the incidents have motivated companies to step up their privacy protections. Apple (NASDAQ: AAPL), for example, recently said it improved its own security technologies.
- see this AT&T letter (PDF)
- see this Threatpost article
- see this NYT article
- see this Reuters article
- see this Re/code article
Apple highlights privacy safeguards amid concerns over user data being compromised
Leading German telcos face NSA, GCHQ spy probe
TeliaSonera latest to reveal authorities' communication-interception requests
European leaders discuss home-grown comms network to prevent U.S. spying
Deutsche Telekom launches mobile encryption app
NSA, GCHQ target 'leaky' apps to gather data on smartphone users, according to Snowden leak
Article updated Oct. 8 with additional information from AT&T.