AT&T breachData breaches perpetrated by criminals from the outside are bad news, but AT&T is dealing with something equally insidious — an inside job. According to the Federal Communications Commission, employees at call centers operated by AT&T accessed the accounts of more than 280,000 customers and sold their personal data to third-party people who used it to unlock stolen mobile phones purchased on underground markets. The investigation determined employees at call centers in Mexico, Columbia and the Philippines were paid by third parties to access customer accounts without authorization and steal names and full or partial social security numbers. The company has been ordered to pay a $25 million civil penalty to settle an FCC investigation into this violation of consumer privacy, says the Wall Street Journal.

How will I know if my data was exposed?

As part of the settlement with the FCC, AT&T is required to notify all customers involved in the data breach. The company will also be paying for credit monitoring services for customers affected, which is a typical gesture in these situations. Because this was a relatively small breach in the scheme of things, no website has been set up for customers to visit. It is likely AT&T will contact customers by mail regarding this issue to provide further instruction. If you are concerned, you can contact customer service rather than wait.

Why did the thieves need social security numbers?

Mobile phone theft can be a profitable business, and AT&T introduced measures recently to increase security against thieves trying to unlock stolen phones. Part of this increase in security requires a person to provide their email address and the last four digits of their social security number, along with other data, in order to unlock a phone. Unfortunately, this led to third parties selling stolen phones to work together with unscrupulous employees at AT&T call centers to steal this information. The fact that these accounts were able to be accessed by employees at call centers in three different countries illustrates the flaws in AT&T’s current security practices. Thus, the FCC is also requiring the company to improve its security as well as file regular compliance reports to ensure improvements are being made.

Social security numbers are one of the hottest pieces of information a criminal can steal from you, because there is so much that can be done with it — from opening credit cards to falsifying medical benefit requests. This means it’s vital that you protect your social security number as best you can. Identity theft protection services can help monitor black market websites and public records for misuse of your number. Learn more about these services and how they can help by visiting our identity theft protection reviews.