AT&T: Hackers took credit card info on thousands of online shoppers

Tuesday, August 29th 2006, 9:41 pm

By: News On 6

SAN ANTONIO (AP) -- Hackers illegally accessed a computer system and stole credit card information and other personal data from thousands of customers who purchased DSL equipment from an AT&T online store, the company said Tuesday.

AT&T Inc. said the system was hacked into over the weekend. The data of "fewer than 19,000 customers" were affected, the company said.

AT&T said it shut down its online store selling the high-speed Internet access equipment and would pay for credit monitoring services for the people whose files were accessed. The San Antonio-based telephone company notified the major credit card companies whose customer accounts were affected.

It also sent notification to customers involved via e-mail, phone and letter.

"We recognize that there is an active market for illegally obtained personal information. We are committed to both protecting our customers' privacy and to weeding out and punishing the violators," Priscilla Hill-Ardoin, AT&T's chief privacy officer, said in a statement.

The company said the unauthorized access was found within hours of the breach.

AT&T spokesman Walt Sharp said no fraudulent charges had been reported so far. He said he could not specify on which day the breach occurred, but said routine security monitoring promptly identified it.

Forensic teams and law enforcement are working to determine how the theft occurred and who was responsible, he said.

Sharp said AT&T's online store for DSL equipment was the only company site infiltrated by the hackers. Subscribers to DSL service were not affected. Sharp said the company's online store selling telephones was not affected, but was also shut down as a precaution.

Todd Stefan, vice president of Setec Investigations, a Los Angeles-based computer security consulting firm, said such computer breaches are rising. Just this year, high-profile personal data reaches have affected a range of enterprises, from the U.S. Department of Veterans Affairs to AOL to Ohio University.

"There is a very large underground international community often led by organized crime that traffics in illegally obtained information, specifically credit card information," he said.
Credit card numbers are often sold in bulk in underground chat rooms.

Beth Givens, director of the Privacy Rights Clearinghouse, a California-based non-profit, said her group has tallied more than 170 publicly disclosed security breaches nationwide of sensitive personal information so far this year.

A Texas law enacted last year mandates that companies disclose such security breaches to the public.