On Wednesday, the company's services division filed a lawsuit in U.S district court in San Antonio, Texas, to block 25 unnamed "John Doe" defendants who have allegedly pretended to be customers to gain access to account information.
AT&T said that the so-called data brokers had fraudulently obtained records for some 2,500 customers. The company said this information was used mainly in legal and domestic disputes and that no driver's license numbers or sensitive financial data were accessible.
AT&T says it believes the lawsuit will help it identify the perpetrators through e-mail addresses and Internet Protocol addresses. Once it identifies the data brokers, the company plans to seek an injunction as well as a return of profits earned from selling customer information.
AT&T customers affected by the data breach have been notified and access to their online accounts has been frozen, the company said.
Earlier this year, the big four wireless phone companies in the U.S.--Cingular Wireless, Sprint, T-Mobile and Verizon Wireless--each filed lawsuits against companies that own Web sites that allegedly sell customer information. T-Mobile and Cingular have each won temporary restraining orders against perpetrators.
The lawsuits have prompted U.S. lawmakers, state attorneys general and the Federal Communications Commission to look more closely at the collection of consumer data.
AT&T said it has taken additional steps to prevent this type of activity in the future, but it didn't discuss specifics.
"Regrettably, there are always people looking for ways to circumvent the system," Priscilla Hill-Ardoin, chief privacy officer for AT&T, said in a statement. "But we intend to remain vigilant in order to keep our customers' information secure."
AT&T is currently a defendant in a privacy lawsuit in federal court in San Francisco over President Bush's domestic spy program. The Electronic Frontier Foundation has accused AT&T of illegally making its network available to the government for security surveillance.