Data bandits gained access to personal data of AT&T customers who bought DSL equipment from the telecommunications giant; a potential fraud threat is up for several thousand customers.
Posted Aug 30, 2006
Yet another well recognized organization has fallen victim to a security breach, potentially compromising some of its customer base. AT&T disclosed on Tuesday that hackers broke into a computer system and accessed personal data, including credit card information, from about 19,000 customers who purchased DSL equipment through its online store. The security breach occurred over the weekend, but was discovered within hours, according to the telco behemoth. The Web store immediately was shut down.
The company is notifying the several thousand affected customers via phone, email, and letter, and is providing these customers with a toll-free number to call for more information. The company will also pay for credit monitoring services for them. AT&T notified the major credit card companies whose customer accounts were involved, and is working with law enforcement to investigate the incident and pursue the hackers, according to the company.
Published reports indicate that AT&T's DSL equipment online store was the only company site that was hacked; DSL service subscribers weren't impacted, nor was AT&T's online store that sells telephones, although that store was shut down as a precautionary measure.
"We recognize that there is an active market for illegally obtained personal information. We are committed to both protecting our customers' privacy and to weeding out and punishing the violators," Priscilla Hill-Ardoin, chief privacy officer for AT&T, said in a statement. "We deeply regret this incident and we intend to pay for credit monitoring services for customers whose accounts have been impacted. We will work closely with law enforcement to bring these data thieves to account."
Just last Wednesday AT&T Services filed suit in the San Antonio Division of the U.S. District Court for the Western District of Texas to block 25 "John Doe" defendants from gaining access to customer information without authorization from the company or customer. AT&T contends that the defendants have used fraudulent tactics to access AT&T's customer information, including call records. An AT&T internal investigation identified about 2,500 customers as possible victims of data brokers, according to the company. The company added that the customers involved have been notified and access to their online accounts has been frozen for their protection.
Companies must be ready to inform customers how they are affected and how it can correct the problem when it comes to a major security incident, says Dennis Gonier, CEO of customer experience research and services firm TARP Worldwide. Gonier goes on to say that most important is that companies set up "a direct path for communication if there are further questions or issues. A 'case' strategy is needed here-that is, the company should try to channel the customer to the same Representative for continuity. Regardless, the contact center must have the ability to know the history of the customer's previous contacts."
Data Security Measures: An Increasing Concern For Contact Centers
Sprint Nextel Fights Data Bandits, Again
Marriott Vacation Club Time Shares Customer Data
Sponsored By: Jacada, Avaya, Confirmit, inMoment and BoldChat
Sponsored By: Genesys, Avaya, Verint, and Aspect
Sponsored By: Informatica
Sponsored By: Verint®, Confirmit and inContact