AT&T has notified close to 19,000 customers that their personal
data was compromised over the weekend (26-27 August) leaving them
at risk for identity fraud.
Priscilla Hill-Ardoin, the company's chief privacy officer, said
in a statement that digital miscreants hacked one of its computer
systems and gained access to credit card information and other
personal data. The security breach primarily affects customers who
used AT&T's online store to buy DSL equipment.
In response to the breach, the San Antonio-based company
notified victims' credit card companies and closed the section of
its online store used to purchase DSL products. AT&T also
notified customers of the breach by phone, email and traditional
mail and offered to pay for credit monitoring services for those
affected.
"We recognise that there is an active market for illegally
obtained personal information. We are committed to both protecting
our customers' privacy and to weeding out and punishing the
violators," Hill-Ardoin said.
AT&T spokesman Walt Sharp told the Associated Press (AP)
that so far, no cases of fraud have been reported. He noted that
routine security monitoring quickly identified the breach. He said
investigators are now trying to determine who the culprits are and
how they managed to hack into the system.
Sharp told the AP that AT&T's online store for DSL equipment
was the only company site to be hacked. DSL subscribers weren't
affected.
The AT&T incident is the latest in a
long string of security breaches companies
have been forced to disclose in the last year and a half.
Close to 91 million records containing sensitive personal
information had been stolen as of Aug. 26, according to a
list maintained by the Privacy Rights
Clearinghouse (PRC).
According to the PRC, some of the more recent breaches involved
the following organisations:
- PortTix LLC. Credit card information belonging to about
2,000 people who ordered tickets online through PortTix was
accessed by someone who hacked into the Web site.
- The U.S. Department of Transportation's Federal Motor
Carrier Safety Administration. A laptop that possibly contained
personal information of people with commercial driver's licenses
was stolen Aug. 22. Data such as names, dates of birth and
commercial driver's license numbers of 193 individuals from 40
trucking companies may have been compromised.
- Dominion Resources Inc. Two laptops housing employee
information were stolen earlier this month. It unclear what type of
data was affected. No customer records were on the computers.
Dominion operates a gas and electric energy distribution
company.
- The U.S. Dept. of Education. A faulty Web site software
upgrade resulted in personal information of 21,000 student loan
holders being exposed on the department's loan Web site.
Information included names, birthdates, Social Security numbers,
addresses, phone numbers, and in some cases, account
information.