AT&T Stolen Laptop, Unknown Number of Former Employees Affected
Technorati Tag: Security Breach
Date Reported:
8/30/07
Organization:
AT&T
Contractor/Consultant:
Unknown "professional services firm doing work for the company"
Number Affected:
Unknown
Types of Data:
Name, Social Security number, address, and benefit information
Breach Description:
A laptop computer was stolen from the car of an employee of a unknown professional services firm that was performing work for AT&T. The laptop computer contained sensitive information on former AT&T employees.
Reference URL:
http://www.pcworld.com/article/id,136636-c,privacysecurity/article.html
Report Credit:
PC World
Response:
"A spokesman for AT&T today confirmed the July 27 incident and said it affected only employees of the former AT&T Corp. acquired by SBC Communications Inc. in 2005. No data involving employees of SBC, Bell South or Cingular was affected, the spokesman said."
"the stolen laptop contained AT&T Corp.'s benefits plans information and was password protected"
the data "was not stored in a way that was consistent with AT&T policies." Those policies call for encryption of sensitive data as well as "physical security measures."
AT&T is offering free credit monitoring service for one year to all affected employees.
Commentary:
There is little information found on the Internet regarding this incident and many details are lacking. The article above quotes an employee that is not at all happy with the manner in which AT&T is handling the situation.
"I'm kind of pissed off about it," "I just don't like the way they are handling it. They just won't tell us anything,"
It is unknown if there is any pending law enforcement of legal action underway. AT&T could do a much better job at communicating more details of breach. I like how AT&T has policies in place to address the encryotion of sensitive data. It is important to note that the person responsible for the laptop was not an employee.
Past Breaches:
None since August 2007
Date Reported:
8/30/07
Organization:
AT&T
Contractor/Consultant:
Unknown "professional services firm doing work for the company"
Number Affected:
Unknown
Types of Data:
Name, Social Security number, address, and benefit information
Breach Description:
A laptop computer was stolen from the car of an employee of a unknown professional services firm that was performing work for AT&T. The laptop computer contained sensitive information on former AT&T employees.
Reference URL:
http://www.pcworld.com/article/id,136636-c,privacysecurity/article.html
Report Credit:
PC World
Response:
"A spokesman for AT&T today confirmed the July 27 incident and said it affected only employees of the former AT&T Corp. acquired by SBC Communications Inc. in 2005. No data involving employees of SBC, Bell South or Cingular was affected, the spokesman said."
"the stolen laptop contained AT&T Corp.'s benefits plans information and was password protected"
the data "was not stored in a way that was consistent with AT&T policies." Those policies call for encryption of sensitive data as well as "physical security measures."
AT&T is offering free credit monitoring service for one year to all affected employees.
Commentary:
There is little information found on the Internet regarding this incident and many details are lacking. The article above quotes an employee that is not at all happy with the manner in which AT&T is handling the situation.
"I'm kind of pissed off about it," "I just don't like the way they are handling it. They just won't tell us anything,"
It is unknown if there is any pending law enforcement of legal action underway. AT&T could do a much better job at communicating more details of breach. I like how AT&T has policies in place to address the encryotion of sensitive data. It is important to note that the person responsible for the laptop was not an employee.
Past Breaches:
None since August 2007
Posts Atom 1.0
Yeah, I'm one of the lucky sob's to have been notified that, "Unfortunately, some of your personal information was contained in these files."
I called to find out more information about the issue. Like the person in the article stated, they won't divulge any useful information. I was so pissed at the AT&T rep's attitude that I just wanted to reach through the damn phone and shove my fist down her throat.
The experience reminded me of why I chose to leave AT&T when I did. The sad thing is, they're still ****ing with me with what they've done.
newt
Reply to this
I rec'd the letter on a Saturday, 9-1-07. Immediately called the 1-800 number. Got a machine telling me to call back during business hrs Mon-Fri. They had to know people would be seeing the letters for the 1st time over the weekend and they couldn't be bothered to have folks there answering the phones and addressing concerns? or as it turned out, hiding all the details.
AT&T said it affected 'only'those Legacy AT&T employees. Last I knew, that was somewhere in the 45,000 range.
My husband, listed as my dependent and beneficiary, also rec'd the letter so worst case is 45,000 employees x 2 or 3
if you have other dependents, brings it close to 150,000 folks potentially affected. All coworkers I spoke with got the letter as did their dependents.
I thought it was pretty convenient that this came out over the Labor Day weekend. It really pretty much went under everyone's radar. I had hoped to see an update on the story but have seen nothing since the pcworld article.
I guess the news world has become blase'
about it as there are so many data breaches.
Reply to this
I am glad to hear a comment on this breach, but at the same time sad to hear that you are a victim. So many times these stories die after the initial shock factor is gone.
Did the letter you received shed any light on the subject? 150,000 potential victims are very significant.
AT&T has vast resources at hand to respond to incidents such as this and they are more than happy to let this go quiet. Companies will only pay attention if something affects the bottom line. In the time that this breach was reported, the stock (symbol: T) has risen over 7%! Customers need to demand answers and hold organizations accountable but until this happens its "same old, same old" I'm afraid.
Reply to this
I have not found any news article on the subject that said anything other than an 'unspecified number of individuals' were affected. And isn't it interesting how AT&T tried to marginalize the story by saying it 'only' involved those of us from Legacy AT&T, as if we're not worth anyone worrying about. Since AT&T won't divulge real numbers, 150K is simply
speculation on my part. I believe the data stolen also included retirees and their beneficiaries and/or dependents. I have no idea how many of those folks there are, so the number of people affected 'could be' huge. We'll never know I expect, unless someone persists in finding out more about the story.
AT&T says by not divulging details they are 'protecting us' so as not to tip off the thief to the potential data at
their fingertips. I expect that is valid to a point but I think the more obvious reason they're short on details is to keep the story 'contained' and out of sight from the general public. Sad state of affairs.
Reply to this
AT&T should know better than to insult people's intelligence. Any good information security person knows the saying "There is NO security in obscurity". The only "protecting" they are doing in this instance is "protecting" themselves and the bottom line. Nobody likes bad press.
If people let them do, they will do. I hope someone involved will persist. The information that was lost was not AT&T's information, it was yours!
Reply to this