AT&T Logo
June 15, 2014

Personal Information Of AT&T Customers Compromised By Smartphone Unlocking Company

redOrbit Staff & Wire Reports - Your Universe Online

Employees working on behalf of a third-party smartphone-unlocking company were able to access the personal information of some AT&T mobile service customers, the telecommunications firm confirmed late last week.

According to Martyn Williams of IDG News Service, an unknown number of AT&T Mobility subscribers were affected by the breach, which took place between April 9 and April 21 of this year. The information that might have been compromised in the security breach reportedly included Social Security numbers, dates of birth and call records.

Officials at the Dallas-based mobile telephone and broadband service provider disclosed the breach last week in a filing with the California attorney general. While AT&T has not revealed the number of individuals who might have had their personal information compromised, Williams noted state law requires information to be disclosed if at least 500 California residents are involved.

“We recently learned that three employees of one of our vendors accessed some AT&T customer accounts without proper authorization,” AT&T said in a statement, according to CNET associate editor Carrie Mihalcik.

“This is completely counter to the way we require our vendors to conduct business,” the company added. “We have taken steps to help prevent this from happening again, notified affected customers, and reported this matter to law enforcement.”

The account information was accessed as the result of a request for codes from AT&T that allow mobile devices to be unlocked for sale in the secondary market, Mihalcik noted. Those codes can be requested by individuals following the fulfillment of their wireless contract, and allow the phones to be used on a wireless carrier other than the original one – making them more valuable in the used mobile device market, she added.

AT&T believes the breach might have been a way for employees with the company to spoof customer identities so that they could unlock the phones, Mihalcik said. However, the company declined to comment on whether or not the second-hand phones had been obtained legitimately or if they had been stolen, Williams added.

“The second-hand unlocking market… continues to be somewhat of a grey area,” said 9to5mac’s Jordan Kahn. “Earlier this year the US House of Representatives passed a bill that reversed an earlier decision by the Library of Congress to make unlocking a violation of the Digital Millennium Copyright Act, but it received criticism from the Electronic Frontier Foundation and other industry watchers.”

That bill would have allowed individuals to unlock their phones, but would have prohibited the practice “for the purpose of bulk resale,” Kahn said. While many carriers allow customers to have their phones unlocked, those policies vary by company and by country. As for those affected by this current incident, Mihalcik said AT&T has notified them and will offer them one year of complementary credit monitoring services.