AT&T has written a letter to customers and the Vermont attorney general detailing a data breach from within their own company.
In August, an AT&T employee obtained customer account information including social security and driver license numbers. It is not known how many customers were affected although some are guessing that it could be as much as 1,600 customers (per Re/code). The employee has since been fired and criminal charges are expected in the near future.
AT&T finance billing operations director, Michael A. Chiarmonte, wrote the apology letter and stated that they would be giving affected subscribers one year of free credit monitoring and will reverse any unauthorized charges or changes to users accounts. Considering AT&T allowed a customer’s social security number to be stolen, it seems as if this should be the very least that AT&T could provide to those whose information was taken.
The fired employee also accessed a customers Customer Proprietary Network Information (CPNI), which is subscription information related to AT&T services. Because CPNI data was involved, AT&T notified federal law enforcement authorities, which is required by Federal Communications Commission regulations.