14 DAY TRIAL // Customer data belonging to California residents subscribed to AT&T services has been accessed without authorization at an unknown date in a five-month period in 2014.
The company informs that the current results of an ongoing investigation showed that the breach occurred somewhere between February and July 2014.
Social security numbers on the list of accessed data
It is believed that the customer accounts were accessed for the purpose of obtaining codes necessary for unlocking phones programmed to work only with the AT&T network.
A sample of the letter informing the affected customers of the incident has been sent to California’s Office of the Attorney General on Thursday, as required by law when personally identifiable information of more than 500 California residents has been exposed to third parties.
While the telecommunications giant says that the incident does not affect the mobile terminal, it does inform that social security numbers and Customer Proprietary Network Information (CPNI) was present on the illegally accessed systems.
However, there is no evidence supporting the fact that this data was actually acquired by the perpetrators.
CPNI refers to data regarding the subscription, such as the type of service; it also refers to metadata relating to call activity.
Clients receive one-year subscription to credit monitoring service
There are no details about the context surrounding the incident, but similar events in the past involved AT&T employees requesting the unlock codes.
Peter Diaz, AT&T Consumer Centers Sales & Service Director, said in the letter to the affected individuals that anyone impacted is offered a free subscription for one year to a credit monitoring service.
Customers can benefit from this protection as soon as they complete the enrollment procedure. People impacted by the breach are recommended to keep an eye on bank account records to spot early signs of potential fraudulent activity.
Last week, AT&T was fined by the FCC with $25 / €23 million for data breaches between 2013 and 2014 that affected almost 280,000 customers. The incidents occurred at call centers in Mexico, Colombia and Philippines, which served customers in the US.