Approximately 1600 customers of the telecommunications giant AT&T have been affected in a recent data breach. According to a letter sent to all affected customers, AT&T states that the attack was an insider job―an employee gained access to the Customer Proprietary Network Information without proper authorization. This employee gained access to customer account information, including social security numbers and driver’s licence numbers. AT&T reassured its customers that this employee has since been terminated.
In comparison to some other recent data breaches, this breach may not seem that serious. What makes matters worse, however, is that yesterday, the Federal Trade Commission issued a press release about the outcome of a lawsuit against AT&T for unlawful billing of its customers for third-party services. The company, which routinely charged customers about $9.99 a month (per service) for services its customers did not authorize (while pocketing 35%), agreed to pay $105 million in a settlement.
As you can see, most of the settlement money will go back to the affected customers. AT&T’s decision to settle instead of fight (like T-Mobile) isn’t all that surprising to the informed. AT&T recently placed a $48 billion bid to buy the satellite TV giant DirecTV. Many speculate this settlement’s purpose was to sway the FCC and the public on AT&T’s side and get the regulators to approve the deal, unlike what happened in 2011 with T-Mobile.