"The online store was shut down immediately," said a company
statement. "AT&T also quickly notified the major credit card
companies whose customer accounts were involved. The company is
also working with law enforcement to investigate the incident and
pursue the perpetrators."
The site involved is one where consumers can buy high-speed
internet equipment, though several branches of AT&T's online
shops were closed as a result of the breach.
The information could be extremely valuable to criminals in
perpetrating identity theft or credit fraud. "We recognise that
there is an active market for illegally obtained personal
information," said Priscilla Hill-Ardoin, chief privacy officer for
AT&T. "We deeply regret this incident. We will work closely
with law enforcement to bring these data thieves to account."
The company said that it will pay for credit monitoring for
those whose details were stolen so that customers can monitor
whether or not fraud has taken place.
AT&T said that it had no indications that fraudulent
transactions had taken place before the company found out about the
security breach.
Data breaches involving credit cards and identity details are
becoming more common as more people perform day-to-day tasks
online. The US Privacy Rights Clearinghouse said that 91 million
sensitive records have been taken without permission since February
2005.
"We read about these breaches all the time,'' Beth Givens of
Privacy Rights Clearinghouse told news agency Bloomberg. "Still,
you'd think a company as prominent as AT&T would have
established a more secure Web store."
