AT&T, one of the US’s biggest telecoms, has fired an insider for having thumbed through customer accounts without authorization and potentially slurping customers’ taxpayer IDs, driver license numbers and more.
Sources familiar with the incident said about 1,600 people were affected, according to The Register.
Michael A. Chiarmonte, director of finance billing operations at AT&T, said in a letter that the now-former employee got into people’s accounts in August:
We recently determined that one of our employees violated our strict privacy and security guidelines by accessing your account without authorization in August 2014, and while doing so, would have been able to view and may have obtained your account information including your social security number and driver's license number.
Additionally, while accessing your account, the employee would also have been able to view your Customer Proprietary Network Information without proper authorization.
The CPNI he mentions is information about the services a customer gets from its telecom, such as what type of services a customer buys, how they’re used, and calling details.
It does not, however, include telephone number, name or address, which aren’t considered CPNI.
AT&T’s offering identity-theft insurance and a year of credit monitoring services to customers for free, though both are offered on an opt-in basis.
Subscribers have to enroll using an ID number provided by the company.
AT&T is also recommending that customers change their account passcode if they have one.
If not, why not? Seriously do ponder using one!
At any rate, you’ll need a passcode if you ring up an AT&T rep, access your account online or want help in a retail store, the company says.
Customers won’t have to pay up for any bogus charges made as a result of the data breach, AT&T promises.
This is actually the second time this year that AT&T’s had to write one of those Dear [Name] letters, and both times, an insider’s been behind the breach.
In June, the company confessed to another data breach, this one part of a con job that a gang of its contractors was pulling to unlock and resell devices.
If AT&T hasn’t figured it out by now, somebody should tell the company that employees, be they current or former, permanent or contractual, are a scary, scary bunch.
A new report from PwC found that, in fact, employees were the most-cited culprits for security incidents this year.
The FBI backs that up: last month, the bureau was warning businesses about the growing threat of employees with an axe to grind.
Sheesh – humans sure are dangerous.
Well, a solution might be in the offing, but it ain’t pretty: Gartner recently predicted that one in three jobs will be converted to software, robots and smart machines by 2025, as new digital businesses require less labor and machines will make sense of data faster than humans can.
Laying off one-third of the world’s workers: that’s a hell of a harsh approach to dealing with insider threats.
Anybody got a kinder, gentler solution for AT&T and all the other organizations that are getting clobbered from the inside out?