US telecommunications giant AT&T fell victim to a data breach perpetrated by one of its own employees in August, the company revealed today.
In a letter to Vermont's attorney general [PDF] and affected customers, AT&T said the former employee - who has since been fired - had been able to access account information, social security data and driver's license details "without authorisation".
The staff member had also viewed Customer Proprietary Network Information (CPNI), which can include metadata such as time, date and destination number for each call made from a person's account.
AT&T said it had informed law enforcement of the breach and had fired the employee.
"This is not the way we conduct business, and as a result, this individual no longer works for AT&T," the company stated in the letter.
The carrier did not specify how many of its customers had been affected by the breach.
It did reveal that the stolen information had been misused but declined to provide any detail.
"To the extent this activity results in any unauthorised charges or changes to your account, they have been or will be reversed," the letter advised.
AT&T is offering affected customers free credit monitoring services and identity theft insurance for a year, and has advised users to change their account passcodes. It also said it would reverse any fradulent charges made on an account as a result of the breach.
It is the second data breach the company has had to contend with this year.
In June, the telco warned three contractors had accessed customer account information in order to impersonate users and access unlocked phones.