Priscilla Hill-Ardoin, the company's chief privacy officer, said in a statement that digital miscreants hacked one of its computer systems and gained access to credit card information and other personal data. The security breach primarily affects customers who used AT&T's online store to buy DSL equipment.
In response to the breach, the San Antonio-based company notified victims' credit card companies and closed the section of its online store used to purchase DSL products. AT&T also notified customers of the breach by phone, email and traditional mail and offered to pay for credit monitoring services for those affected.
"We recognise that there is an active market for illegally obtained personal information. We are committed to both protecting our customers' privacy and to weeding out and punishing the violators," Hill-Ardoin said.
AT&T spokesman Walt Sharp told the Associated Press (AP) that so far, no cases of fraud have been reported. He noted that routine security monitoring quickly identified the breach. He said investigators are now trying to determine who the culprits are and how they managed to hack into the system.
Sharp told the AP that AT&T's online store for DSL equipment was the only company site to be hacked. DSL subscribers weren't affected.
The AT&T incident is the latest in a long string of security breaches companies have been forced to disclose in the last year and a half.
Close to 91 million records containing sensitive personal information had been stolen as of Aug. 26, according to a list maintained by the Privacy Rights Clearinghouse (PRC).
According to the PRC, some of the more recent breaches involved the following organisations: