August 29, 2006 5:45 PM PDT

AT&T hack exposes 19,000 identities

By Joris Evers
Staff Writer, CNET News

Related Stories

Auditor loses McAfee employee data

 February 23, 2006

Visa deals with possible data breach

 December 24, 2005

Separating myth from reality in ID theft

 October 24, 2005
AT&T on Tuesday said hackers broke into one of its computer systems and accessed personal data on thousands of customers who used its online store.

The information that was illegally accessed includes credit card numbers, AT&T said in a statement. The cyberattack affects about 19,000 customers who purchased equipment for high-speed DSL Internet connections through AT&T's Web site, the company said.

"We deeply regret this incident," Priscilla Hill-Ardoin, chief privacy officer for AT&T, said in the statement. "We will work closely with law enforcement to bring these data thieves to account."

The break-in occurred over the weekend and was discovered within hours, after which the online store was shut down, AT&T said. The telecommunications company quickly notified credit card companies and is in the process of contacting the affected customers via e-mail, phone and letter, it said.

The incident is the latest in a long string of data security breaches. Since early last year, more than 90 million personal records have been exposed in dozens of incidents, according to information compiled by the Privacy Rights Clearinghouse.

AT&T is offering to pay for credit monitoring services for customers whose accounts have been impacted because they could be at risk of identity fraud. The company also has made available a toll-free number to affected customers to call for more information.

See more CNET content tagged:
AT&T Corp., online store, incident, data security, credit card

Add a Comment (Log in or register) 14 comments
The New AT&T
by als August 29, 2006 7:03 PM PDT
Your world. Delivered.
Reply to this comment View reply
Digital Age
by MattFatt August 29, 2006 9:59 PM PDT
This is yet another example of why there is no such thing as privacy in the digital age. When you go to a web site and accept a privacy policy, whatever, it means nothing. It just gives you a false sense of security and allows the vendor to give you the illusion, that your personal and/or credit card information is safe...Yeah, right. Unfortunately, by definition, there is no way to fully protect digital info. It's something we all acknowledge (knowingly or not) once we click the accept button.
Reply to this comment
I'm Safe
by dragonbite August 30, 2006 5:17 AM PDT
Because they keep offering all these "deals" but don't extend their range that 1,000 feet to my street!?!
Reply to this comment
Taking the right steps
by Nkully86 August 30, 2006 6:22 AM PDT
Now I won't get into the security policies that allowed this hacker into the AT&T facilities, however they did take all the necessary steps to help thier potentially affected customers. Giving their customers free credit monitoring is a huge step, especially when the U.S. Government decided to take it away from their potentially affected vets.
http://www.techknowbizzle.com/2006/07/times-getting-even-tougher-for-vets.html

Also, taking charge and contacting credit card companies themselves shows the kind of devotion that other affected companies/organizations should take. While these continuing breaches are still not a good sign, it is good that companies are finally manning up and taking the right steps to help their customers get back on the right track.
http://www.essentialsecurity.com/Documents/article17.htm
Reply to this comment
Prompt action
by patruga August 30, 2006 8:09 AM PDT
AT&T should be commended for their prompt action. Usually you hear about these things for weeks or months later.

Damned if I can understand how any of these companies (ATT, Verizon, Citibank etc.) allow a system design that is so easily compromised. I can understand "in process" transactions being compromised, but why have a database with completed transactions available for external access? I am sure I am not seeing the whole techie picture, but if a server/database is offline you can't get to it; keep them offline till you do your billing. There has got to be a better way of securing customer data!
Reply to this comment
AT&T should be held liable for these kind of breaches
by omerfr August 30, 2006 8:27 AM PDT
When Companies like AT&T can cover their behinds by revising their terms and conditions to indicate that user data is AT&T property and they can do whatever they choose with it, its only fair for us as consumers to protect ourselves on this.

Ultimately if our identities are stolen and our credits affected - these same companies will treat us as untouchables.

There should be legislation to enforce liabilities for these kind of breaches.
Reply to this comment View reply
It was only a matter of time...
by btljooz August 30, 2006 12:33 PM PDT
...before these types of '[i]breaches[/i]' started happening. This is why I have [b]NEVER[/b] shopped [u]ANYwhere[/u] but brick & mortar stores. I don't, and [b]NEVER[/b] shop online or TV!

Unfortunately, these types of '[i]breaches[/i]' are on the upswing from other databases, too. It [u]will[/u] only be a matter of time before we [b][u]ALL[/u][/b] have our personal information exposed for anyone to use as they please. :(
Reply to this comment View reply
Credit is only half the problem
by paulej August 30, 2006 2:23 PM PDT
When a criminal gets your ID, he can do far worse than screw up your credit. In my case, a guy got a driver's license in Indiana. For the past 4 years, I've lived with the constant threat of being arrested for driving with a suspended license that isn't even mine! Indiana only threatens to put me in jail when I ask them to fix it! ID theft can be very bad. See my story: http://www.arid.us/silverman/
Reply to this comment
Oh well
by heystoopid August 30, 2006 3:10 PM PDT
Oh well, looks like it's time for Eliot Spitzer and co, to kick some corporate butt, for these are either true slackers or absolute disciples of the "Peter Principle", for allowing such breaches to occur in the first place!

So much window dressing in corporate mission statements these days!
Reply to this comment
"Deeply Regret"
by ss_Whiplash September 1, 2006 6:52 AM PDT
I am so sick of people saying this. "I deeply regret xyz". So what? What does that mean? It means you regret the fact that you are a idiots and now you have to deal with bad press.

Does anyone actually say "I'm sorry, I screwed up", anymore?
Reply to this comment
Powered by Jive Software
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement

Inside CNET News

Scroll Left Scroll Right

  • News - Business Tech

    Chrome's JavaScript challenge to Silverlight

    The advent of Google's Chrome browser, software pros say, should spur a big speedup for JavaScript, which would raise its standing against Microsoft's Silverlight technology.

  • Gallery

    Photos: Top 10 reviews of the week

    Here are CNET Reviews' 10 favorite items from the past week, including the TiVo HD XL, Sony Cyber-shot DSC-H50, and the Dish Network's newest digital TV converter box.

  • News - Apple

    Apple watchers spot 'iPod Nano' photos

    The rumor mill has long been predicting a longer, leaner new version of the iPod Nano, and now it's conjuring up some pictures.

  • Outside the Lines

    EIC Squared: Chrome, iPods, and a Dell-Salesforce union

    On this week's EIC Squared podcast CNET's Dan Farber and ZDNet's Larry Dignan discuss Google's latest rocket launch--the Chrome browser--as well as Apple's iPod event next week and a Dell-Salesforce.com union.

  • Video

    Katie Couric reflects on first Webcast

    The political conventions are over and so are CBS Evening News anchor Katie Couric's first series of Webcasts. CNET's Kara Tsuboi sat down with Couric on the final night of the Republican National Convention to discuss what she liked about Webcasting, some of her most memorable guests, and whether TV news will still be around by the next round of conventions.

  • Webware

    Mozilla releases second Firefox 3.1 alpha

    Added features include support for a new video tag element introduced with the HTML 5 standard, along with some speed enhancements.

  • Video

    YouTube plays party politics

    During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.

  • News - Gaming and Culture

    Are Demo and TechCrunch50 fragmenting their audiences?

    With both events scheduled to start Monday, many press, as well as venture capitalists and others are having to choose which one to attend.

  • News - Cutting Edge

    Execs predict next Google-like tech

    On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.

  • Gallery

    Images: The art of 'Spore' prototypes

    Will Wright and his Maxis team worked on dozens of prototypes to test the elements of their soon-to-be-released evolution game. Here's a sampling.

  • Crave

    This week in Crave-land

    The Xbox 360 finally gets a price cut, and the game world gets ready for the arrival of Spore.

  • Green Tech

    Duke Energy to invest in mini solar power plants

    Can hundreds of rooftop solar panels collectively operate like a central power plant? Duke Energy launches $100 million distributed solar program to find out.

News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
Dell
PlayStation 3
Wii
Windows Vista
CNET sites
CNET TV
Downloads
Forums
News
Reviews
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET