U.S. telecommunications company AT&T has confirmed security breach by its service provider, which compromised personal data of customers such as social security number, call records and more.
AT&T confirmed that the breach occurred between April 9 and April 21, but the company has disclosed the breach to California regulators recently. If such an incident affects at least 500 people, the law in California requires a company to reveal the total number of customers affected by the breach. However, AT&T has not disclosed the number of subscribers whose personal data was compromised as a result of the breach.
The company has also issued a letter to the customers who were affected by the security breach. The letter explains that some employees of AT&T's service providers were responsible for the violation of the company's strict privacy and security guidelines. The employees are said to have accessed account details without authorization from customers. AT&T suggests that the employees in question accessed customer accounts and tried to get codes from AT&T, which are used to "unlock AT&T mobile phones in the secondary mobile phone market."
"We recently learned that three employees of one of our vendors accessed some AT&T customer accounts without proper authorization," per a company statement. "This is completely counter to the way we require our vendors to conduct business. We know our customers count on us and those who support our business to act with integrity and trust, and we take that very seriously. We have taken steps to help prevent this from happening again, we are notifying affected customers, and we have reported this matter to law enforcement," it said.
It is a regular practice by telecom service providers such as AT&T to include a software lock on its handsets that stops them to be used on other telecom networks. However, customers can request an unlock code that allows them to remove the software lock. Once handsets are unlocked, they can be sold in the secondary mobile market and can be used on AT&T and T-Mobile network in the U.S., and on various other telecom networks of the world.
Some mobile phones are quite expensive and can be sold easily in secondary markets in the U.S. or in other countries of the world. Thousands of handsets are reported to be stolen globally, which ultimately make their way to the second-hand market. AT&T has not commented if the handsets of affected customers have already made their way to the second-hand market.