AT&T has revealed that customers’ personal information might have been leaked, exposing social security numbers and dates of birth.
The telecoms giant disclosed in a filing to the California Attorney General’s office that third-party contractors had accessed customers’ personal data in order to unlock and re-sell smartphones.
AT&T permits its devices to be unlocked with a code that it will only provide when account information including social security details are supplied. According to The Register, only three employees at the unnamed contractor were involved in the scheme.
AT&T has not said how many customers were affected. The breach occurred between April 9 and 21 this year but was only disclosed on Friday. California law dictates that companies make a public statement if more than 500 residents were affected by a data breach.
Users who were affected have been contacted by mail. In its letter, AT&T says that the contractors involved would also have been able to access customers’ ‘Proprietary Network Information’ – data which reveals what services they have bought from AT&T.
To compensate for the data breach, AT&T is offering all affected customers one free year of credit monitoring services, to ensure their social security details are not used for fraudulent purposes.
It goes on to recommend that “if you currently have a passcode on your account, you change it. If you do not have a passcode on your account, we recommend you add one.”
This breach is not the first time that AT&T’s customer data has been exposed. In 2010, security researchers were able to exploit a flaw on AT&T’s website to reveal the email addresses of 114,000 iPad 3G owners. But as eWeek points out, this latest is more sinister, with a money-making scheme at its heart, and two forms of personal data at risk.
In May this year, a report by the Electronic Frontier Foundation (EFF) claimed that AT&T, along with Snapchat and Comcast, did the least to protect its customers’ data.
Author Staff Writer, ESET