While its unknown how many customers were affected by the breach, California law requires a public disclosure by a company who has suffered a breech when the amount of customers potentially affected exceeds 500. Presumably, AT&T Inc. (NYSE:T)’s confirmation of the breach last week means that the numbers warranted the announcement.
AT&T’s statement
“We recently learned that three employees of one of our vendors accessed some AT&T Inc. (NYSE:T) customer accounts without proper authorization,” AT&T executive director for media relations Mark Siegel told Re/code. “This is completely counter to the way we require our vendors to conduct business. We know our customers count on us and those who support our business to act with integrity and trust, and we take that very seriously. We have taken steps to help prevent this from happening again, notified affected customers, and reported this matter to law enforcement.” The breach occurred between April 9 and April 21, and the “hackers” stole information that they would need to access the Customer Proprietary Network Information (CPNI) information on certain devices that would unlock their use from the AT&T network allowing the resale of the same devices.
Snail mail to those affected
In addition, to the public disclosure and contact with California’s Attorney General’s office and law enforcement, the company also contacted each customer that was potentially affected by snail mail. A wise decision given the fact that there was a data breach involved. The correspondence told the customers to change the passwords associated with their accounts and also offered those it contacted a year of free credit monitoring through a partner to stave off and detect unauthorized charges that may occur due to the breech. Data breaches are serious business, and so far it appears that AT&T Inc. (NYSE:T) is taking the matter quite seriously. Target is still struggling with trust issues from its customers following a massive data breach that occurred during the holiday shopping season last year. That breech ultimately cost Target’s CEO his job as he fell on his sword following the enormity of the breach.
