
AT&T has confirmed with ITWorld that it has suffered a security breach where customer information was accessed. The breach actually occurred back in April, but was only disclosed this week by the company in a filing with California regulators.

According to the report, personal information—including social security numbers and call records—was accessed for an unknown number of customers in the breach. It’s believed the attack was part of an effort to obtain unlock codes from the carrier…

Here’s more from ITWorld (via 9to5Mac):

“Employees of one of our service providers violated our strict privacy and security guidelines by accessing your account without authorization,” the company said in a letter to affected customers. “AT&T believes the employees accessed your account as part of an effort to request codes from AT&T that are used to unlock AT&T mobile phones in the secondary mobile phone market.”

And here’s AT&T’s statement on the matter:

“We recently learned that three employees of one of our vendors accessed some AT&T customer accounts without proper authorization. This is completely counter to the way we require our vendors to conduct business. We know our customers count on us and those who support our business to act with integrity and trust, and we take that very seriously. We have taken steps to help prevent this from happening again, we are notifying affected customers, and we have reported this matter to law enforcement.”

Unlocking has become a hot business in recent years—particularly here in the US, where most providers still lock devices to prevent them from being used on other networks. It’s also a major political issue, with a bill in the works to change carrier practices.

AT&T says the breach took place between April 9 and 21, but wouldn’t say how many customers were affected. As noted by ITWorld, however, California state law only requires disclosures like this if the incident affects 500+ customers, so it’s at least that many.

The last major AT&T hack occurred in 2010, when Andrew “Weev” Auernheimer infiltrated the company’s servers and obtained some 100K iPad owner email addresses. He was convicted under the Computer Fraud & Abuse Act, and sentenced to 3 years in jail.

  • ※ mAADtAi ※

    And they’re just now telling people? That’s not right. I would sue if it was possible. Smh

    • You still can, you just can only take them to small claims court. You can’t do a mass lawsuit.

    • Rowan09

      If it wasn’t that big or wouldn’t get out they wouldn’t tell anyone. Amex, Visa, etc have breaches all the time.

  • Dave Weinstock

    Well that’s what happens when you force unnecessary restrictions on your customers. They find illegal ways around them.

    • Antzboogie

      Agreed all carriers should have their phones unlocked free of charge. You only get what you deserve. Bullies usually meet their match one day 😉

  • AndroidDogHeatandSteelersFan

    They seriously need this for Sprint.

  • nazcorp

    And there’s the reason I keep getting calls with IVRs since switching to tmobile offering me deals on att. I figured as much. All of our lines are getting the same phone calls. 1. Tmobile did it on purpose to make att look bad to me. 2. It was this breach. 3. Att did it on purpose in spite. 4. Coincidence. Yea, I’m totally not buying it being 4. And tmobile really doesn’t benefit from it since I’ve already switched like 5 months ago. Who’s left to blame? And the calls only recently started.

  • O492 email

    I’m not sure people who are political are any better. They just get locked into their beliefs and closed off from any other opinions and end up becoming useless and stagnant, then nothing ever gets accomplished just like the state the USA is in now.

  • Eva_Downs_B831 email

    This is beyond true. I worked for AT&T and actually learned all about how they took the buying price of the phone, chopped it down and scattered it in to the master plan and around a 2 year time no one notices. When you can keep grandfathered on previous programs do it and get devices outright. Otherwise you are pretty much finding porked