An employee at telecommunications giant AT&T may have stolen customers' personal information, including Social Security numbers and drivers' license numbers, the company disclosed in a letter to affected customers. The theft occurred this August, and the employee has since been fired.
It's not clear how many AT&T customers were affected, but an unnamed source told Reuters the number was about 1,600 -- far smaller in scope than more recent data breaches such as those at JPMorgan Chase, which exposed contact information for 83 million individuals and businesses, and Home Depot, in which 56 million payment cards were stolen.
However, the stolen AT&T customer data may be more damaging to affected individuals than in those larger breaches. Social Security numbers are especially valuable to identity thieves, who can use them to open new financial accounts, create false identities and even file false tax returns to collect refunds.
Malware or other traditional methods of breaking into databases don't appear to have been used in the AT&T theft. Rather, the employee apparently found a way to access customer information from within the system. The stolen data may also include Customer Proprietary Network Information (CPNI), a number related to the services customers buy from AT&T.
AT&T reported the theft to the attorney general of Vermont, whose office posted a copy of the form letter sent to AT&T customers online (PDF here). If you receive such a letter, AT&T recommends that you change your AT&T account password immediately, and to create one if none exists.
AT&T will also pay for a year of free identity-theft protection for affected customers, who can sign up at the provider's website.
Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.