AT&T confirms hacking incident, blames vendor employees but is not forthcoming on specifics
American wireless carrier AT&T is confirming that over a two-week period in April it experienced a data breach. While the security hack was not large, at least according to initial reports, the company has publicly disclosed the breach due to California law requiring companies to do so for any security issue that affects more than 500 customers or users.
But even as AT&T does publicly admit to the security breach, it is unclear why the company took two months to inform the authorities and the public about what occurred. It appears a number of Social Security numbers have been taken by the hackers, but it is unclear if they have attempted to use them or steal a person’s identity.
AT&T said it was an inside job, meaning one of the company’s vendors appears to be responsible for the hack, which occurred between April 9 and April 21. The company’s note to affected customers says it believes the unauthorized employees sought access codes to unlock AT&T phones in the secondary market so they can be activated by other providers.
“We recently determined that employees of one of our service providers violated our strict privacy and security guidelines by accessing your account without authorization,” the company said in a published note. But that note was not sent to all AT&T customers.
The company has not spoken in depth about the breach, and did not respond to an inquiry from Tech Times by press time. It is unclear how many users were affected and the company has not directly spoken to its customers over what the breach means or if they were affected.