Detailed AT&T customer data inappropriately accessed by unlocking company

AT&T
By Bla1ze on 13 Jun 2014 03:52 pm EDT
-
loading...
-
loading...
-
loading...

If you're an AT&T customer you may have received an email recently about a security breach within the organization. AT&T has now confirmed personal information such as Social Security numbers and call records may have been accessed by individuals not authorized to view such information.

AT&T has not confirmed how many accounts have been affected but they did confirm the breach took place between April 9-21 and the accounts were accessed as 'as part of an effort to request codes from AT&T that are used to unlock AT&T mobile phones in the secondary mobile phone market.'

We recently learned that three employees of one of our vendors accessed some AT&T customer accounts without proper authorization. This is completely counter to the way we require our vendors to conduct business. We know our customers count on us and those who support our business to act with integrity and trust, and we take that very seriously. We have taken steps to help prevent this from happening again, and we have reported this matter to law enforcement.

So while it's not a 'hack' of customer data in the traditional sense, AT&T has taken proactive measures to advise customers of the breach by sending them notices and making them aware of the situation. Still, not the best of scenarios for carrier. Have you received any notices from AT&T?

Source: ITWorld; Via: PhoneScoop

Reader comments

Detailed AT&T customer data inappropriately accessed by unlocking company

59 Comments

HAHAHAHHAHAHA YOU FAILED AT BEING FIRST AGAIN MORON!!!! Stop trying to be "cool" Just because your mom is handing you a smack down beating because you aren't cool in real life, doesn't mean you have to be "cool" online.

And notice how the articles have been populated by NOT moronic first postings? It's so nice and peaceful!! Now piss off

The "first" post aren't any worse than the rant posts that seem to follow them every time. Probably half the reason that people are amused by posting first. Your complaint took up three times the space and drew attention to a fairly innocuous post. Just let it go...

Quicksilver is the man.These kids should go and play games somewhere else.

Incurable Q10 Syndrome.....Keep away!!!!!!

@quicksilver
whats more obnoxious, his one line comment, or your 2 paragraph rant including CAPS and insults? lol... you sir, are a buffoon.

Haven't heard a word from them. Only time you hear from AT&T is when they have something to sell you.

True!

You aren't really broken into when your giving the keys away. By their own admission any one of their approved vendors can get this info from them. I would love to see a day where there guys are accountable for their actions.

Posted via CB from my LE

If this is a rumor from an unknown source, is that also a rumored statement released by AT&T? The formatting (similar to to that if other CB articles) suggests AT&T has addressed the issue.

To me, it smells a little like bullshit. In the vein of :

"oh, see what happens when you try to unlock phones? You should just buy your next phone from us, and sign a contract for the rest of your life while you are at it. "

Welcome... to the world of TOMORROW!

It happened over a month ago and telling this to us now? Unless they just found out about it, a month later...

Posted via CB10

So many hacks and compromised sites recently, and it looks this is getting worse. Ebay was the last one I remember...

"No Q10?" -> "Buy from Chen... "

I haven't gotten a single notification. I'll be out of this joint soon enough.

Posted via a flick of my thumb

I think the more important question to ask is, who's this "anonymous (not verified)" individual that has gained access to the CB front page to be able to post this article?!

Kevin, I think we've been hacked! (I vote to fire Adam. Again. :p )

Oh WOW! As AT&T customer never have heard word mentioned about this,making me think not much concern about notified their customers
About this situation.

AT&T Z10

is this a legit article? I have not heard anything from AT&T advising me of any potential breach. They are quick to send offers to buy additional phones or services but may not be as quick to address potential breach of security

Haven't heard anything about a security breech.....just their email indicating that I have maxed out my 10g's again for the month......

Posted via CB10

First i've heard of this. Thanks for the warning Crackberry. You look out for me better than the carrier who bills me!

Posted via CB10

It is possible that they are only notifying people that may have been breached. If they know when/where/how the breach occurred, they can probably tell who may have been exposed.

They let the people who were effected know and it was a breach by 3 employees of a third party company... people this stuff is always a risk so it seems silly to me that people are bashing Att and what not instead of bashing the third party company and security risk in general

Posted via CB10

If you trust someone with sensitive information and that person in turn gives a 3rd party access to that sensitive info who would you be mad at ?
The bashers did business with ATT and not the 3rd party; the onus is on ATT to protect their clients confidentiality

It very much is AT&T's fault. Have they never heard of access rights? If they let others have access to sensitive data to people who have no authorisation, then they're to blame. Of course the 3rd party is also being bad, but they shouldn't have been able to get in.

Posted via CB10

That's BS. We're a tiny business but still take steps to limit our vendors access to sensitive material. ATT said in their statement: "We have taken steps to help prevent this from happening again,". Why didn't they take those steps BEFORE this happened. It would be pretty easy to break this info off into a separate database instead of giving 3rd party vendors access to all info and just hoping that they don't access anything else. 3rd party vendors have become a valuable vector for hacking. That's what enabled the Target breach.

remember, this is the company that put all iPad user info on an unsecured website and then charged a guy with hacking for freely accessing it. Don't trust your security to ATT.

That's why I don't trust at&t and that's why I am not with at&t. Plus they still won't give people unlimited data on they contracts. If they did they would throttle your ass once you got past 2gb's lol.

Yet another thing that turns me against AT&T..

Few months back they moved all of their warranty work to a third-party. Yea nothing new.. but as a business customer being told that I needed to provide my full name, address of where I have lived in the past 6 months, ... not sure what else they were going to ask because I told the person on the phone to let me speak to a manager who then informed me that no claim could be made unless I provided this information.

I understand this is a way to stop fraud but... for a business? a "Premier Customer"? a monthly bill that is 1000 times more than the average user?

Sadly Verizon uses this company too.

Question AT&T could not answer? Why was I not notified that my information would be accessed by a third-party that I do not trust.

Nope. Haven't received nothing from them. Just emails telling me to add another line. Hmm......

Posted using my  Z10

Nothing from AT&T here except that my son & daughter have both gone over their data plan so as a "courtesy" (to them, no less) they graciously added $20 per kid to my bill......

Q10SQN100-2/10.3.0.296

No email but from what I've read on many other articles is it doesn't seem to be a huge breach like target or ebay. I'm sure if it was a super huge breach this would be blown up way bigger. You burn customers hiding that kind of stuff. It is nice they are offering free identity theft protection for a year if your a possible target.

The Z10

It's AT&T - like their updates - the rest of the world will find out well before their paying customers .

Posted via CB10

Customer service people and third party vendors should be limited in the amount of data that they can view. Especially social security and financial information. Are either of these required to unlock a phone?

Posted via CB10

I remember getting an email from them

I bet they just sent it out to people they
Think were affected by the Breach.

AT&T...shitty service and loss of privacy by having your personal data stollen!

Cartman says: Screw you guys I'm going home!

People cracking me up..... they make it sound as if Att just gave over sensitive data... things happen and they didn't "give " the people sensitive information they took it.. big difference... now if people are mad about theitb service or rates then whatever... but to be mad at Att for 3 guys cheating the system..
Seems silly to me

Posted via CB10

They need to give us free 5 year memberships for LifeLock. My ex employer did that when we had a data breach.

Posted from my BlackBerry Q10 on AT&T

This is my first time hearing about this breach: I haven't received an email from AT&T yet. Semi-disturbing.

Posted via the Android CrackBerry App!

First question that comes to mind is;
"What the hell is A T&T doing with customers SSN's in the first place?"
I don't recall being asked for my number when I signed up for smartphone service.

Posted via CB10

Of course they ask for ssn... you getting a $600 phone.. only way ssn is not asked for is for prepaid... Nice try though

Posted via CB10

I haven't heard anything from att, then again I don't really pay attention. If my information was accessed this will be the second time in about 2 months my personal information was accessed (some local paycheck company was breached by heartbleed, and I was affected) good thing I'm broke

Posted via CB10