AT&T breach affects 19,000 customers

Online outlaws hacked into an AT&T computer system and stole credit card data on thousands of customers. AT&T has offered to pay for credit monitoring services for those affected.

AT&T has notified close to 19,000 customers that their personal data was compromised over the weekend (26-27 August) leaving them at risk for identity fraud.

Priscilla Hill-Ardoin, the company's chief privacy officer, said in a statement that digital miscreants hacked one of its computer systems and gained access to credit card information and other personal data. The security breach primarily affects customers who used AT&T's online store to buy DSL equipment.

In response to the breach, the San Antonio-based company notified victims' credit card companies and closed the section of its online store used to purchase DSL products. AT&T also notified customers of the breach by phone, email and traditional mail and offered to pay for credit monitoring services for those affected.

"We recognise that there is an active market for illegally obtained personal information. We are committed to both protecting our customers' privacy and to weeding out and punishing the violators," Hill-Ardoin said.

AT&T spokesman Walt Sharp told the Associated Press (AP) that so far, no cases of fraud have been reported. He noted that routine security monitoring quickly identified the breach. He said investigators are now trying to determine who the culprits are and how they managed to hack into the system.

Sharp told the AP that AT&T's online store for DSL equipment was the only company site to be hacked. DSL subscribers weren't affected.

The AT&T incident is the latest in a long string of security breaches companies have been forced to disclose in the last year and a half.

Close to 91 million records containing sensitive personal information had been stolen as of Aug. 26, according to a list maintained by the Privacy Rights Clearinghouse (PRC).

According to the PRC, some of the more recent breaches involved the following organisations:

  • PortTix LLC. Credit card information belonging to about 2,000 people who ordered tickets online through PortTix was accessed by someone who hacked into the Web site.

  • The U.S. Department of Transportation's Federal Motor Carrier Safety Administration. A laptop that possibly contained personal information of people with commercial driver's licenses was stolen Aug. 22. Data such as names, dates of birth and commercial driver's license numbers of 193 individuals from 40 trucking companies may have been compromised.

  • Dominion Resources Inc. Two laptops housing employee information were stolen earlier this month. It unclear what type of data was affected. No customer records were on the computers. Dominion operates a gas and electric energy distribution company.

  • The U.S. Dept. of Education. A faulty Web site software upgrade resulted in personal information of 21,000 student loan holders being exposed on the department's loan Web site. Information included names, birthdates, Social Security numbers, addresses, phone numbers, and in some cases, account information.
  • Read more on IT risk management