AT&T suffers data breach, customers' personal information compromised
AT&T has confirmed a security data breach in which attackers have compromised the security of a number of its mobile customers and stolen personal information including Social Security numbers and call records.
Back in April this year, AT&T suffered a data breach in which some of its customer information, including birth dates and Social Security numbers had been inappropriately accessed by three employees of one of its third-party vendors, in order to generate codes that could be used to unlock devices.
Moreover, the hackers would have also been able to access its users’ credit report with Customer Proprietary Network Information (CPNI) during the process without proper authorization, that means the information related to what subscribers purchase from AT&T would also have been compromised.
The Dallas-based telecommunications giant did not specify the number of customers or type of information affected by this data breach, but state law requires such disclosures if an incident affects at least 500 customers in California. Neither it revealed that why it took so long to confirm the breach.
AT&T sent a letter to the California Attorney General explaining the recent data security breach to its mobile customers, and said that the third-party contractor’s employees who were responsible for the breach were terminated and will no longer for the company.
Many mobile phone providers are provided by carriers with a software lock that prevents the devices from being used on other competitors’ networks. AT&T allows its users to typically request an "unlock code" that unlock their devices from its network and to do this the customers have to provide their own account information to verify their identities.
According to the company, the company discovered the data breach on 19 May, and it believes the alleged employees were trying to obtain the unlock codes of the devices so that they could remove devices from AT&T's network to other cellphone networks around the world for second-hand markets resale.
AT&T had reported the matter about the data breach to the law enforcement of United States and thereby announced that it would offer one year of free credit monitoring service for affected users.