AT&T Worker Peers into Employer’s Cache of Customer Data
Telecommunications
An AT&T employee is accused of illegally snooping into the personal data of customers, marking the second insider attack to hit the telecommunications giant this year.
The data accessed includes Social Security numbers and network account information.
Michael A. Chiarmonte, AT&T director of finance billing operations, wrote in a sample notification letter filed with the Vermont attorney general, “We recently determined that one of our employees violated our strict privacy and security guidelines by accessing your account without authorization in August 2014, and while doing so, would have been able to view and may have obtained your account information including your social security number and driver’s license number. Additionally, while accessing your account, the employee would have been able to view your Customer Proprietary Network Information (CPNI), without proper authorization.”
The number of customers victimized was not disclosed in the letter. Sources familiar with the situation tell the Register that the scope of the compromise was limited to about 1,600 people.
AT&T is directly contacting affected customers, Re/code reports.
The employee in question apparently was axed.
In April, personnel at an AT&T third party vendor reportedly retrieved the SSNs and other sensitive data of an undisclosed number of telecom customers apparently to unlock smartphones and resell them.
Original Report:
threatpost.com/att-hit-by-insider-breach/108705
NEXT STORY: What the JPMorgan Hack Says about the State of Cybersecurity