Insider Breach costs AT&T $25 Million

Insider Breach costs AT&T $25 Million

AT&T is paying a hefty price – $25 million – for call center employees in Mexico, Colombia and the Philippines who accessed personally identifiable information from 278,000 customer accounts without authorization.

The Federal Communications Commission says employees in 2013 and 2014 retrieved customer proprietary network information and other personal data that could be used to unlock AT&T mobile phones. Then, the employees provided that information to unauthorized third parties who appear to have trafficked in stolen cell phones or secondary market phones that they wanted to unlock.

AT&T issued a statement that says protecting customer privacy is critical to the company and that they held themselves and their vendors to a high standard. Unfortunately, a few of their vendors did not meet that standard and according to AT&T, they terminated those vendors.

This insider breach took place at an AT&T call center in Mexico between November 2013 and April 2014. The three call center employees involved were paid by third parties to obtain the names and at least the last four digits of customers’ Social Security numbers. The three call center employees accessed more than 68,000 accounts without customer authorization, which they then provided to third parties who used that information to submit 290,803 handset unlock requests through AT&T’s online customer unlock request portal.

This is a classic example of the type of damage that can be done by insiders and the cost that can be incurred by businesses. Not just reputation is loss hear, but a pretty hefty sum of money.

To learn more about cyber security training and education, visit Excelsior College’s website today.