Call records and social security numbers are among the bits of customer data accessed by parties “outside” of AT&T. In a California regulatory filing, the telecom giant confirmed the incidents took place between April 9 thru the 21st. AT&T would not say how many customers were affected by the breach but ITworld says California law requires a regulatory filing if more than 500 persons were affected.
“Employees of one of our service providers violated our strict privacy and security guidelines by accessing your account without authorization,” the company said in a letter to affected customers. “AT&T believes the employees accessed your account as part of an effort to request codes from AT&T than are used to unlock AT&T mobile phones in the secondary mobile phone market.”
The thieves were after unlock codes to sell phones on the secondary market. As a lot of us know, most carriers lock their phones to their network so you cannot use them anywhere else. In their quest for unlock codes they also found themselves gathering social security numbers. Getting unlock codes is one thing, but getting hands on social security numbers is definitely a step up the criminal rung.
“We recently learned that three employees of one of our vendors accessed some AT&T customer accounts without proper authorization,” the company said in a statement.
“This is completely counter to the way we require our vendors to conduct business. We know our customers count on us and those who support our business to act with integrity and trust, and we take that very seriously. We have taken steps to help prevent this from happening again, we are notifying affected customers, and we have reported this matter to law enforcement,” it said.
AT&T declined to provide any additional information on the incident.
Probably a good idea to check your email for an AT&T notification, you may be one of the affected.