Employees from the service provider may have used data to unlock devices
Some AT&T customers received a letter from the company informing them that some of their details have been accessed without authorization by employees of one of their service providers.It appears that the data includes the social security number of the affected customers, along with their call records, but other details may also have been accessed.
Access to the social security number has implications regarding the personal security of the customer, who runs the risk of identity theft leading to potential financials losses for the victim.
Unauthorized access to this sort of information is against the guidelines regarding the privacy and security of customer details, as the communications corporation indicated in the mass email message.
“Employees of one of our service providers violated our strict privacy and security guidelines by accessing your account without authorization,” it stated.
The message did not create a clear picture of the incident, as it offered no clue regarding the purpose of accessing the information.
However, the company said that, “AT&T believes the employees accessed your account as part of an effort to request codes from AT&T than are used to unlock AT&T mobile phones in the secondary mobile phone market.”
This means that the event may have been caused by an attempt to remove network restrictions on the mobile devices in order to be compatible with other networks when sold on the secondary market.
The devices are generally locked within the network of the carrier that sells them so that they cannot be used on rival networks.
If the unauthorized access proves to be a breach or an attempt to unlock second-hand phones obtained illegally, the company may find itself in the middle of a scandal.
In any event, the company has already filed the disclosure with California regulators. Such an action, however, is obligatory in California in the case of a situation that affects more than five hundred customers.
The incident seems to have occurred in April, between 9 and 21. In a statement to Martyn Williams, the company informs that they “have taken steps to help prevent this from happening again, we are notifying affected customers, and we have reported this matter to law enforcement.”
Furthermore, AT&T representatives labelled the matter as "completely counter to the way we require our vendors to conduct business. We know our customers count on us and those who support our business to act with integrity and trust, and we take that very seriously.”