This week AT&T Mobility filed a breach notification in California. Apparently from April 9 until April 21, 2014 one of their third party providers violated their security and privacy guidelines and was accessing customer data. AT&T believes that the data was accessed in a effort to unlock phones for secondary market resale. The breach was discovered on May 19, 2014.
Now, the problem here is that in doing so, the AT&T partner employees would have been able to view customer social security numbers and date of birth. In addition to this information the Customer Proprietary Network Information (CPNI) which is related to services that they had subscribed to with the mobile provider would have been viewable.
AT&T will be offering one year of free credit reporting for customers affected by the breach. While we know the date range it aaas not immediately clear how many customers were in fact affected.
Federal law enforcement has been informed of the unauthorized access to the customer data but again, no detail as to whether to not this will be investigated further.
One other piece of information that they included was the recommendation that customers change their passcode. As well, if the customer doesn’t have an passcode that they add one. So, is this to say that the passcodes were compromised as well?
Notifications are winding their way towards affected parties.
(Image used under CC from Chris Young)