Network News

X My Profile
View More Activity

Sprint: Employee Stole Customer Data

Sprint is warning several thousand customers that a former employee sold or otherwise provided their account data without permission.

In letters sent via snail mail to some customers, Sprint urged recipients to contact customers service and change their existing personal identification number and security question. Turns out, a Sprint employee accessed "multiple customer accounts," between Dec. 2008 and Jan. 2009.

sprintalert.JPG

"It appears this employee may have provided customer information to a third party in violation of Sprint policy and state law. We have terminated this employee. The information that may have been compromised includes your name, address, wireless phone number, Sprint account number, the answer to your security question, and the name of the authorized point of contact on your account."

Sprint spokesman Matt Sullivan declined to say how many customers were sent the letters, but said it was less than one percent of its customer base. A woman who answered the phone at the 800 number set up to handle this incident said "several thousand" customers were affected.

The breach may have exposed more sensitive information had Sprint not recently put in place some protections around that data.

"We implemented a billing platform about a year ago that has advanced security features designed to catch things like an employee accessing information that they shouldn't be," Sullivan said. "That platform limits information that employees can access, such as Social Security numbers, and any sort of payment information."

Still, whichever "third party" received the stolen data may still have found ways to turn the information into cash. Michael Fontaine, a 27-year-old Sprint customer from Fall River, Mass., was among those who received the letter. Fontaine said last month someone made a fraudulent claim through Sprint's insurance company to replace his phone, a pricey Mogul smartphone.

"I got dinged for $50 deductible on my bill, but there was never any replacement phone sent," Fontaine said.

By Brian Krebs  |  March 11, 2009; 2:55 PM ET
Categories:  Fraud  | Tags: employee data theft, mogul, sprint  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Adobe, Foxit, Ship PDF Reader Security Updates
Next: Microsoft Plugs Eight Windows Security Holes

Comments

well sprint has been stealing from me for years....

Posted by: ballgame | March 11, 2009 4:00 PM | Report abuse

Is this only regarding Sprint wireless or does it also include Spring long distance?
I have Sprint long distance, but not wireless. Wondering whether I should be concerned since I did not receive a letter.
Either way, it's disgraceful and hopefully this former employee will be facing federal charges.

Posted by: morningglory51 | March 11, 2009 4:17 PM | Report abuse

What's hilarious is that Sprint has an ad banner at the top of this article right now.

Posted by: burtldy | March 13, 2009 11:45 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company