AT&T has confirmed that a number of their wireless customers were affected by a security breach. Users had their accounts broken into, revealing highly sensitive information including Social Security numbers and dates of birth.
The perpetrators behind this attack are still unknown. However, AT&T is currently investigating the situation.
Usually, attacks of this kind are done with the intention of stealing credit card information When attackers are able to access such information, they are able to steal a great amount of money. These kinds of attacks are very dangerous. With AT&T however, the attackers were attempting to steal personal information from customers. This was to commit fraud. Specifically, to unlock old and used handsets through the customer data of AT&T users.
AT&T didn’t publicly state how many customers have been affected by this breach. However, California law has provided a good indication. California law requires that a company notifies all customers of a malicious security breach if the attack affected over 500 people. This guarantees that at least 500 people were affected by this attack. While AT&T has millions of subscribers, even 500 attacks would still be very damaging to their reputation.
As a result, AT&T have sent letters to their customers. This letter states that the breach occurred between April 9 and April 21 this year. AT&T publicly stated “We have taken steps to help prevent this from happening again. We are notifying affected customers, and we have reported this matter to law enforcement.”
It also read, “AT&T believes the employees accessed your account as part of an effort to request codes from AT&T that are used to ‘unlock’ AT&T mobile phones in the secondary mobile market.”
The company is offering a year of free credit monitoring in apology.