• PC World
• »Security

Verizon Wireless and AT&T Wireless Group are investigating a security breach that may have allowed outsiders to see confidential information of at least hundreds of their customers.

Officials from both companies confirm that they are looking into an apparent security breach that permitted information of a number of users to be circulated publicly in Internet chat rooms. The situation has prompted investigations by at least two police units in California and Oklahoma.

Investigators in Kiowa County, Oklahoma, are checking into complaints from customers who discovered that their private information had been posted publicly in a chat room and who noticed strange charges on their credit cards, according to Deputy Terry Tyler at the Kiowa Country Sheriff's Department.

Tyler has contacted credit card companies about the matter, but could not provide other details at this time. A similar investigation is under way in Rancho Cucamonga, California.

Chat room log files and online interviews with the victims indicate that many of the victims signed up for wireless service from either Verizon or AT&T between December and April of this year, with most of the users living in Indiana and Illinois, according to a report from MSNBC.com.

Victims interviewed by MSNBC said they had ordered wireless services over the Internet from Verizon and AT&T. During the ordering process, victims were asked to provide credit card information, security experts say. The security breach therefore may have occurred between transmissions among the wireless service providers and credit card service providers, security experts say.

Details Exposed

The information being distributed likely includes credit card numbers, Social Security numbers, and driver's license numbers, according to Jim Magdych, security research manager for PGP Security, a division of Network Associates. Other personal data typically used in online applications for a variety of services may also have been exposed, he said.

The MSNBC report states that log files revealed by chat room sources showed that private information was being posted at a rate of two new records per minute. At that rate, the security breach may have affected at least hundreds of victims, Magdych says.

"It looks like some information may have been taken possibly from these wireless providers and also possibly from a third party that might be doing credit checks for the wireless providers," Magdych says.

The personal data was likely either leaked as a result of unencrypted files used by the wireless providers, by third parties they work with, or by a malicious worker inside of one of the wireless or third-party companies, Magdych says. In any case, private information was posted in an IRC (Internet Relay Chat) chat room.

"We take the security of our customers very seriously and are investigating the situation," says a Verizon spokesperson.

AT&T offers a similar message.

"We are completely committed to protecting the personal and financial information of our customers," says a spokesperson for AT&T Wireless. "We have our security folks investigating this right now."

Long-Term Effects

The distribution of customers' Social Security numbers and driver's license numbers could have much more damaging long-term effects on a user's life than just the typical online crime of credit card fraud, Magdych says.

"If someone has the personal information, and they commit identity theft then that is something to be more concerned about," he says. "There is not a lot of remedial action you can take in that case."

Unlike credit cards that can be easily canceled, Social Security numbers identify an individual throughout his or her life. A criminal armed with that kind of sensitive information can obtain financial information from banks, credit card companies, or loan lenders on the person whose Social Security number has been obtained.

It also is possible to set up bank accounts and obtain credit cards and loans under the person's name. A range of troubling scenarios can result from having a Social Security number fall into the wrong hands, and it can be particularly difficult to undo the damage, which often in such cases extends for a long time.

• See more like this:
• AT&T Wireless,
• Verizon wireless,
• hack,
• attack,
• personal,
• data,
• social security number,
• chat room