Windows Phones

We go hands-on with AT&T's Nokia Lumia 635

Podcast

Vector 41: Mergers and accusations

General News

FCC votes to limit AT&T, Verizon involvement in mid-2015 spectrum auction

General News

AT&T will now let you order online and pick up in-store

General News

AT&T reportedly interested in acquiring DirectTV to better compete against Comcast

General News

AT&T to launch in-flight Wifi service with air-to-ground LTE in 2015

General News

AT&T posts $17.9 billion in revenue, adds 625,000 postpaid customers in Q1

Windows Phone News

Grab a refurbished Nokia Lumia 925 for AT&T for just $79.99 off contract

General News

AT&T GoPhone adding more data to smartphone plans

Rumors

AT&T to launch the 32GB Nokia Lumia 1520 on January 10

Windows Phone News

AT&T announces new Sponsored Data plan for companies to help you save some data

Windows Phones

Yellow AT&T Nokia Lumia 1520 now shipping!

General News

Nokia Lumia 1520 unboxed - some users report getting the device early

Windows Phone News

Samsung ATIV S Neo announced for AT&T; launching November 8th

Windows

AT&T to snatch the Lumia 1520 as a US exclusive; also stocking the Lumia 2520

Windows Phone News

Have an unlocked Samsung ATIV S? Add more Live Tiles to your Start screen

Windows Phone News

Nokia Lumia 925 confirmed to be heading to AT&T for $99; pre-orders begin August 28th

Windows Phone News

The $99 Nokia Lumia 520 now available as an AT&T GoPhone

Windows Phone News

Want a free camera grip with your Nokia Lumia 1020? Get it at the Microsoft Store

Windows Phone News

Nokia announces the Lumia 1020 Windows Phone on AT&T for $299, coming July 26

72

Detailed AT&T customer data inappropriately accessed by unlocking company

AT&T

If you're an AT&T customer you may have received an email recently about a security breach within the organization. AT&T has now confirmed personal information such as Social Security numbers and call records may have been accessed by individuals not authorized to view such information.

AT&T has not confirmed how many accounts have been affected but they did confirm the breach took place between April 9-21 and the accounts were accessed as 'as part of an effort to request codes from AT&T that are used to unlock AT&T mobile phones in the secondary mobile phone market.'

"We recently learned that three employees of one of our vendors accessed some AT&T customer accounts without proper authorization. This is completely counter to the way we require our vendors to conduct business. We know our customers count on us and those who support our business to act with integrity and trust, and we take that very seriously. We have taken steps to help prevent this from happening again, and we have reported this matter to law enforcement."

So while it's not a 'hack' of customer data in the traditional sense, AT&T has taken proactive measures to advise customers of the breach by sending them notices and making them aware of the situation. Still, not the best of scenarios for carrier. Have you received any notices from AT&T?

Source: ITWorld; Via: PhoneScoop

3
loading...
49
loading...
35
loading...
0
loading...

Comments

There are 72 comments. Sign in to comment

In Limbo says:

This kind of stuff doesn't even phase me anymore.

aitt says:

Living in the matrix, it doesn't

Posted via Windows Phone Central App

John20212 says:

And thats the problem, if one day you are the unlucky one of the millions and get your identity stolen, accounts wiped and hundreds of thousand in debt acrued, you will start caring more and don't just brush it off as another boring data breach.

 

 

 

IDP (Identity Theft Protection)

aitt says:

For real. People act like this happen last year.

Posted via Windows Phone Central App

aitt says:

Dramatic much?

Posted via Windows Phone Central App

Novron says:

Nothing dramatic about identity theft. Can seriously f you over.

aitt says:

If you're ignorant enough not to protect yourself.

Posted via Windows Phone Central App

jleebiker says:

That's a pretty high and mighty statement.

This was a case of a third party vendor having internal access to ATT info. How is a consumer supposed to protect themselves from that? 

aitt says:

My comment was about IDP.

Posted via Windows Phone Central App

Yea I know. lazy ass people attacking people who work hard for their money. If you going to attack someone, attack the banks or something. 

wpn00b says:

Edward Snowden did the same thing... Released information to others that shouldn't have had access to it. Maybe these things becoming commonplace and people becoming numb to it is exactly what "they" want.
"Its going to happen anyways, why fret? Share more so they can't steal it! I've got nothing to hide."

jbrandonf says:

SSNs are a different thing though friend.

Didnt happen before because high & mighty Apple some how had mobile.me hacked which had att customer info on file

NIST says:

Some AT&T customers? They don't know which? This was a vendor? Is this information available to them as a vendor? If not then AT&Ts security got hacked. Hence a "breach" and not an "incident".

Xsled says:

I assume they do know what accounts. I have not received any such communication

spcdog says:

In other words, "we have little to no internal security on your data, and we just say a few Hail Marys and hope for the best while the revolving door of vendors has their way with our computer systems each week." This sort of thing doesn't just accidentally happen, it's a clear lack of proper access control. I'd like to think that AT&T is going to suffer a deep and unlubricated legal reaming over this, but we all know these companies are never held accountable. "Here's some free credit monitoring, kthxbai."

Zuka_WPC says:

*Hilarious descriptive imagery fills brain

No, as in a portion of that they've identified and notified. That was very clear in the article.

Xsled says:

It states AT&T did not say how many. But where do you see that a portion of customers were notified?

jgbstetson says:

Why would a vendor even have access to this data? They're kinda spinning this as someone else's fault. Of course, we wouldn't have this issue I'd phones weren't locked.

blackhawk556 says:

I bet it was an authorized dealer like parrot cellular

aitt says:

Think best buy

Posted via Windows Phone Central App

ebradley says:

An internal f*** up of the highest order.

hasanmj8 says:

I didn't get any emails or anything

purevibz says:

They need to stop using customers ss # to get a stupid phone, why do they need that.

aitt says:

Cause your being billed and if don't pay they want to make sure to report you to the CRAs. That's why did people have to put down a deposit. Just like insurance

Posted via Windows Phone Central App

BaritoneGuy says:

None this is required for any of that. In Canada my SS number is between me, my employer and the government. That's it. Everything seems to make it to the CRA's just fine. In fact it is not legal for anyone else to require it as a condition of doing business with them.

David P2 says:

Similar in UK - National Insurance numbers (what you would call SSNs) are only used to confirm identity regarding benefits (aka state welfare) and for jobs regarding tax purposes (so you don't end up paying 20% of your wages in pure tax because you have been put on what they call "emergency tax code" - example: £1000 is your monthly salary, £200 goes off to the taxman.  For billing they just liase with CRAs directly and check on the electoral roll to verify your identity and address.

lcw731 says:

Its not legal to require it in the US, but companies ask for it (to make things easier for them) and people voluntarily give it thinking it is. Truth is you can refuse to give it. it may just make getting things a little more complicated, and maybe at a higher cost.

wpguy says:

Like lcw731 said, actually, it is not illegal for anyone to use your SSN as a requirement to register for and use their services, and that is why it came to be used by so many businesses.

You do have the right to refuse to hand it over, and ask that another number be created for your account. Some companies will do so without complaint, while others may go so far as to refuse service. It has worked for me on things like health insurance application forms.

link68759 says:

The best defense against trivial SSN use is not knowing your own SSN.

I don't know mine and whenever I get asked for it or have to fill out paperwork that wants it, I just say "I don't know my SSN" and 99.9999% of the time they say "ok we don't actually need it".

The only time I have ever given my SSN is when applying for a credit card, passport, and gun license.

spcdog says:

So when people who can't possibly hope to afford a mobile contract sign up for one, they can send it off to a collections agency (who will never recover anything) so they can take the loss writeoff to make their earnings reports look better in the shareholder meetings. Oh, and also apparently to provide a valuable service to the identity theft community. Thanks for being a good sport! ;)

Jazmac says:

I wish companies would quit using Social Security numbers for identification. When they F up using that, our entire life is disrupted.

cdb033 says:

I hope I wasn't affected...

egoz07 says:

They should limit the scope of ANYONE authorized to access an account's data to only those fields essential to the task. We need laws mandating this simple principle.

NYRbeezer says:

This happens and at the same time they just raised their activation fees LOL LOL LOL LOL LOL

What's with all the cornball questions at the end of these articles lately?

Deaconclgi says:

Maybe, just maybe, to get readers to respond in  the comments section? Possibly..

aitt says:

Who would had thought that?

Posted via Windows Phone Central App

It wouldn't happen otherwise?

*gasp*

aitt says:

When has it not?
Posted via Windows Phone Central App

Exactly my point.

aitt says:

So then why bring up.  Nothing new

Nothing necessary.

MadSci2 says:

Cause the Comments are more interesting than the Articles, but the writers are free!

Raesu says:

How about they stop locking the damn phones. We are already pay back the full subsidy with a contract.

Agreed   -  I ended up paying some ebay seller $35 to get me an unlock code for my fully paid for 1520 

I suspect that now it's going to be even harder to get an unlock code which is BS

dameon_03 says:

I haven't received any emails about it

erzhik says:

As always they will BS about only 1% of customers being affected when in reality probably everyone had their records breached.

We are expected to do everything online in the future but big business isn't able to secure our data. Pathetic.

Rainmarie says:

I haven't received an email.

drevil1999 says:

AT&T has violated CPNI (customer propretary network information)multiple times with my account. They gave my name out without verifying me when I called to ask about my account being compromised. Then they Uverse people got me to give them my cell number and changed my cell plan mid bill cycle. After like 10 calls to their call center they would issue me credits and then would text me later that my issue was resolved. The resolution was them reversing my credits. Att sucks and they don't care about customers or our private info..they just care about our money!!

aitt says:

And yet you still use them?

Posted via Windows Phone Central App

ycy198472 says:

I read a lot of this stealth in Chinese forum. They share some att customers' information, like SSN, to unlock their iPhones. I didn't know where they got them. But now I get it.

psychotron says:

Long time ATT customer here and I haven't heard a word from them.

It happen on April and until now they let us know wtf

MadSci2 says:

Because this allows AT&T to extend the period for getting a subsidized phone without cutting the monthly fee that pays for my own subsidy. I'd they stopped locking they would stop subsidizing and could no longer they away with their sky high rates.

Nerdy Woman says:

You know what, folks? ATT is probably not the only carrier to outsource services. Call centers, installers, tech support are frequently outsourced. Trust me. None of the carriers have a corporate-owned call center in central Asia. Of course, all other carriers only contract with vendors who hire only boy scouts.

I applaud ATT for going public with this. I would suspect that for every company with which we do business, customer information is far too available to 3rd party vendors' employees.

Perhaps with ATT standing up and saying this shouldn't happen, more companies will pay closer attention too their customers data and their vendors.

morete908 says:

AT&T uses third party businesses for unlocking their phones?  AT&T with all of its billions can't afford to hire and pay its own staff for something that important?  They are exclusively the ones that hold the keys and control of that handset and they give the keys to some unknown entity in foreign lands?   On the other hand, maybe this was AT&T's intention all along.  Seriously, what benefit does AT&T get by unlocking "their" phones?  None.  In fact they lose business every time a phone is unlocked and they know this.  That IS precisely why they gave the keys to non-AT&T employees and those that have no allegiance to their company.   AT&T knew that their traitorous customers that want their phones unlocked would have a massive risk of getting their personal information compromised with no in-house oversight.  AT&T washes their hands of the situation and blames their subcontractors and at the same time sends out a word of warning to all of their customers that their personal information  will be sabotaged if they choose to defy AT&T's dictatorship.

Nerdy Woman says:

The article did not say what service the vendor provides, but it probably was something other than phone unlock services. It could be a call center where they set up or service accounts, requiring verification of the customer's identity. Duh.

AndreHBuss says:

I didn't get the email yet :|

Most companies including banks are outsourcing our jobs abroad to countries with lax laws.  That is even more scary.

Nerdy Woman says:

It really is in a vendors own interest to maintain security according to their contract with their customer, the carrier, regardless of the laws of the country in which they're located. Too many breaches and they lose the contact.

But you might find it worth noting, LibRep, that many companies are bringing those services back home, although not because of security concerns.

drevil1999 says:

You can use Net10 sim cards in ATT phones without unlocking them. Pay net ten 50 bucks a month and use ATT's network and protect your info and still have the coolest phones!!!

Snowman81 says:

I wonder what the fall out from this situation is going to be...