American wireless carrier AT&T is confirming that over a two-week period in April it experienced a data breach. While the security hack was not large, at least according to initial reports, the company has publicly disclosed the breach due to California law requiring companies to do so for any security issue that affects more than 500 customers or users.
But even as AT&T does publicly admit to the security breach, it is unclear why the company took two months to inform the authorities and the public about what occurred. It appears a number of Social Security numbers have been taken by the hackers, but it is unclear if they have attempted to use them or steal a person's identity.
AT&T said it was an inside job, meaning one of the company's vendors appears to be responsible for the hack, which occurred between April 9 and April 21. The company's note to affected customers says it believes the unauthorized employees sought access codes to unlock AT&T phones in the secondary market so they can be activated by other providers.
"We recently determined that employees of one of our service providers violated our strict privacy and security guidelines by accessing your account without authorization," the company said in a published note. But that note was not sent to all AT&T customers.
The company has not spoken in depth about the breach, and did not respond to an inquiry from Tech Times by press time. It is unclear how many users were affected and the company has not directly spoken to its customers over what the breach means or if they were affected.
What the company is saying is that three contractors at an unnamed service provider went into AT&T personal records, which include Social Security numbers and birth dates. The result has seen AT&T scramble to counter any problems its users may have over the breach, including removing devices from the network to ensure they are safe to use and be resold. It also is providing for a free year of credit monitoring for affected customers.
It is the latest security breach to hit American tech companies, with eBay recently reporting that it had a massive data breach hit tens of thousands of its users earlier this year. EBay was slow to inform the public and its users over the security breach, which has led to a number of states investigating the response and the company's overall security efforts.
AT&T stated that the breach has had "no impact to your AT&T mobile device(s) in connection with this activity."