The IT staff quickly discovered the illegal access and closed the website store, AT&T said in a statement. Thieves accessed the personal data, which included credit card numbers, of customers who had purchased high-speed DSL internet connection equipment through the store.
"We recognize that there is an active market for illegally obtained personal information," Priscilla Hill-Ardoin, AT&T chief privacy officer, said. "We are committed to both protecting our customers' privacy and to weeding out and punishing the violators."
The company, which is working with law enforcement in the investigation, has begun notifying victims, the statement said. AT&T has agreed to pay for credit monitoring for the affected customers.
Shlomo Kramer, CEO of security firm Imperva, said today that the attack against AT&T exemplifies how hackers are turning their attention away from the infrastructure in favor of targeted data.
He said traditional firewalls and intrusion prevention systems are not enough to solve the problem.
"You need to have something that is capable of monitoring or protecting the data," he said.Click here to email reporter Dan Kaplan.