14 DAY TRIAL // AT&T mobile carrier announced that it had to deal with an inside breach that resulted in personal customer information being exposed to an unauthorized individual.
The incident did not occur as a result of a cyber-attack, but because a company employee violated the privacy and security guidelines imposed for accessing information about customers.
Without having any authorization to do so, the employee accessed account details that included social security numbers and driver’s license number.
Phone call details have also been accessed
In a letter to the affected customers, AT&T director of finance billing operation, Michael Chiaramonte, explained that apart from these details, the individual also viewed the Customer Proprietary Network Information (CPNI).
CPNI contains details about the telecommunication services purchased from the company.
At first, it may not sound like much, but this actually refers to the numbers a customer calls, along with other information accompanying them, such as duration of the conversation, time and date.
Based on this information, mobile carriers issue the phone bill. As such, the AT&T employee had access to all the details included in the list of charges.
AT&T offers one year of free credit monitoring
Among the steps taken by the company to address the issue was terminating the contract of the employee who caused the incident.
Furthermore, the mobile carrier informs that if unauthorized changes or charges occur to an affected account, these would be reversed.
A greater danger is posed by the exposure of the clients’ social security number, which could lead to identity theft.
To mitigate such risk, AT&T already contracted the services of a company specialized in identity theft protection, and all the customer has to do is enroll and activate the feature.
All the details about how to access the ID protection measures are provided in the letter.
The letter is addressed to consumers in the state of Vermont, but customers in other areas may also be affected.
Because personally identifiable information was accessed and potentially copied, according to Vermont’s Security Breach Notice Act, companies have a duty to notify consumers of a security breach. The organizations also have to send to the Attorney General a copy of the letter addressed to its customers.
AT&T recommends its customers to increase the security of their account by locking it with a password. If a countersign already protects access to the account, then the recommendation is to change it.
Also as a precaution, it is advisable to contact major credit reporting entities and place a fraud alert on the credit report.