Telecommunications giant AT&T has sent out letters to roughly 1,600 customers, informing them of a data breach which involved their personal identifying information (PII).
According to the letter, the data breach came about when an AT&T employee ‘violated our strict privacy and security guidelines by accessing your account without authorization in August 2014’.
It continued: ‘while doing so, [the employee] would have been able to view and may have obtained your account information including your social security number and driver’s license number’.
The final piece of information which was accessed without authorization was customer propriety network information – information about which AT&T services a customer is using.
AT&T is offering the usual free credit monitoring service to affected customers and has since fired the employee.
AT&T has not revealed what role this employee had or how they gained unauthorized access to PII.
I’m keen to learn how an employee gained access to something they shouldn’t have and if AT&T is implementing stronger security to prevent this happening again. Many organizations now use staff awareness training to avoid issues such as these.