Unique customer numbers, known as Customer Proprietary Network Information (CPNI), which can include metadata — such as the time, date, duration, and destination number of each call made — were also viewed by the company insider.
The letter said the account information was accessed "without authorization."
"This is not the way we conduct business, and as a result, this individual no longer works for AT&T," the letter wrote.
AT&T said it has informed law enforcement of the data breach.
However, the company, which remains the second-largest cellular giant by customers in the US behind Verizon, remained mum on how many individuals were affected.
We reached out to AT&T but did not hear back at the time of writing.