AT&T fired an employee who improperly accessed about 1,600 customer accounts and could have viewed customers' Social Security and driver's license numbers.
The breach came to light after a form letter that AT&T sent to affected customers was submitted to Vermont's attorney general's office, which published it on its website.
Mark Siegel, executive director of media relations for AT&T Mobility, said in a statement that one of the company's employees "did not follow our strict privacy rules and inappropriately obtained some customer information."
"This individual no longer works at AT&T, and we are directly contacting the limited number of affected customers," Siegel said.
The letter said the employee, who accessed the data in August, would have also been able to see Customer Proprietary Network Information (CPNI), which is subscription information related to AT&T services.
Because CPNI data was involved, AT&T also notified federal law enforcement authorities, which is required by Federal Communications Commission regulations, the letter said.
The company recommended that users change the passcode on their accounts, and if they don't have a passcode, to create one.
It also offered one year of free credit monitoring, administered by the company CSID, but users must enroll in the program on CSID's website.
Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.