AT&T breach affects 19,000 customers

By Bill Brenner, Senior News Writer 30 Aug 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Priscilla Hill-Ardoin, the company's chief privacy officer, said in a statement that digital miscreants hacked one of its computer systems and gained access to credit card information and other personal data. The security breach primarily affects customers who used AT&T's online store to buy DSL equipment.

In response to the breach, the San Antonio-based company notified victims' credit card companies and closed the section of its online store used to purchase DSL products. AT&T also notified customers of the breach by phone, email and traditional mail and offered to pay for credit monitoring services for those affected.

"We recognize that there is an active market for illegally obtained personal information. We are committed to both protecting our customers' privacy and to weeding out and punishing the violators," Hill-Ardoin said.

AT&T spokesman Walt Sharp told the Associated Press (AP) that so far, no cases of fraud have been reported. He noted that routine security monitoring quickly identified the breach. He said investigators are now trying to determine who the culprits are and how they managed to hack into the system.

Sharp told the AP that AT&T's online store for DSL equipment was the only company site to be hacked. DSL subscribers weren't affected.

The AT&T incident is the latest in a long string of security breaches companies have been forced to disclose in the last year and a half.

Close to 91 million records containing sensitive personal information had been stolen as of Aug. 26, according to a list maintained by the Privacy Rights Clearinghouse (PRC).

According to the PRC, some of the more recent breaches involved the following organizations:

The U.S. Dept. of Education. A faulty Web site software upgrade resulted in personal information of 21,000 student loan holders being exposed on the department's loan Web site. Information included names, birthdates, Social Security numbers, addresses, phone numbers, and in some cases, account information.

Tags: Identity Theft and Data Security Breaches,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Theft and Data Security Breaches TJX to pay $9.75 million for data breach investigations Man pleads guilty in online banking hacking scam White House cybersecurity czar faces major hurdles Heartland breach cost $12.6 million, CEO says An inside look at security log management forensics investigations LexisNexis investigates breach, notifies thousands Senators hear call for federal cybersecurity restructuring Former Federal Reserve Bank employee arrested Attackers cash in on fundamental data handling mistakes, Verizon finds Courts turn aside data breach suits

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) CISP-PCI  (SearchFinancialSecurity.com) cookie poisoning  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) extrusion prevention  (SearchSecurity.com) identity theft  (SearchSecurity.com) parameter tampering  (SearchSecurity.com) pretexting  (SearchCIO.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary