AT&T revealed that a security breach perpetrated by employees of one of its vendors has compromised the personal data of customers. The data breach, which lasted for two weeks, exposed customer information such as call records and social security numbers.
“We recently determined that employees of one of our service providers violated out strict privacy and security guidelines by accessing your account without authorization between April 9 and 21, 2014, and, while doing so, would have been able to view your social security number and possibly your date of birth… Additionally, while in your account, these individuals would also have been able to view your Customer Proprietary Network Information (CPNI) without proper authorization. CPNI is information related to the telecommunications services you purchase from us,” said AT&T Consumer Center Sales and Services Director Brian Woolverton, in a letter sent to customers.
“On behalf of AT&T, please accept my sincerest apology for this incident. Simply stated, this is not the way we conduct business, and as a result, our service provider has notified us that these individuals no longer work for them.”
The stolen information is believed to be intended for requesting codes from AT&T to unlock mobile phones so that it can be resold and used with other carriers. The company did not divulge how many customers were affected. However, it is offering to compensate affected users by providing one year of free credit monitoring.
The breach did not have any effect on AT&T mobile devices. Nonetheless, the company is advising customers to change the passwords for their user accounts. The incident comes less than a week after a similar data breach at restaurant chain at P.F. Chang’s. The company said hackers may have gained access to thousands of credit and debit card numbers.