At-Bay Helps Telecom Company After Rogue Employee Compromises Data

The Target

Industry: Telecommunications
Revenue: $75M – $100M
Attack Type: Insider Threat – Employee Data Misuse

The Incident

A telecom company offering broadband marketing solutions was blind-sided by an employee who abused access to customer data for personal financial gain. The company learned this when a customer reported that they had received a bill for their services with an incorrect name. The suspicious statement sparked an internal investigation with their quality assurance team.

The team discovered that the employee fraudulently used the names and social security numbers of existing customers to enroll new customers whose credit history otherwise would not have qualified them for the service. Each newly approved service at the employee’s request was a case of identity theft in exchange for commission. The incident revealed that secure personnel protocols are as important as network security protocols, as cyber risk encompasses a broad range of privacy violations.

Example of an At-Bay Claim Response Timeline

Once the company notified At-Bay of the claim, the company engaged a breach coach to assist in determining the extent of the compromised customer data and advise on the company’s legal notification obligations.

At-Bay’s Cyber policy covered notification and credit monitoring costs for affected individuals. The Claims team acted quickly to confirm coverage and arm the company with the resources it needed to appropriately respond to this incident.

The Result

At-Bay’s swift response ensured the company met legal notification requirements and provided credit monitoring for affected customers, helping to reduce further consumer harm and minimize regulatory penalties.