ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Rachael O'Halloran's Hack Report: AT & T Phone Company

Updated on July 1, 2014

Published on July 1, 2014

by Rachael O'Halloran

Feel free to SHARE this article using the SHARE buttons on the right side of your screen.

If you want to email your friends the link to this article, please use this one:

AT & T was hacked in April 2014


AT & T Security Breach

Dates of Breach: Between April 9 and April 21, 2014.

Affected Parties: California Customers Only.

Date of Report: June 12, 2014

AT & T's Statement

In June 2014, AT & T Mobility released this statement:

"Three employees of one of our service providers violated our strict privacy and security guidelines by accessing your account without authorization. The employees accessed your social security number and date of birth in an effort to request codes from AT&T than are used to unlock AT&T mobile phones in the secondary mobile phone market.”

They consider two breaches in April "recently" yet they waited two months to report it on June 12, 2014.

They didn't say how many customers were affected, but it must have been bigger than a bread box, but smaller than the state of California because California law states that companies must disclose and report an incident of security or data breach when it affects at least 500 customers.


Unlock Codes

Cellphones are equipped with a software lock that keeps them from being used on competitor carriers, if you should quit the plan with your cellphone carrier.

However, if you want to change carriers at the end of your contract to take your phone with you to another carrier, all customers can request an "unlock code."

However, these "hackers" - which is what they are - didn't do that. They attempted to gain access to unlock codes for quite a number of phones between April 9 and April 21, 2014. The video below explains it better.

Any phones that were unlocked during this breach have a potentially high black market value on any wireless carrier or network around the world, as well as on the second hand market.


AT & T Breach Details

What Should The Penalty Be?

The day after the breach, AT & T said they believes "the breach was a means for the employees to spoof customer identities in order to unlock phones."

It seems that AT & T allows their vendors and employees unlimited access to its data so no wonder they had a data breach. How convenient to blame a vendor but still not address how they were able to access the information in the first place.

AT & T should have been fined for allowing unauthorized access to sensitive records by a third party vendor and whatever security they have in place should be re-address and/or changed.

It is not fair to us, the consumer, that all these companies do not safeguard our personal information sufficiently either by hackers, their own employees or third party vendors to whom they outsource.

The fact that they accessed the social security number, call log and date of birth of an "unknown" number of customers - presumably more than 500 people, per California state law - just to get unlock codes is absolutely ridiculous.

An unlock code is indigenous to one phone. You get the code, it unlocks the phone from that carrier/network, so the phone can be used on another carrier/network. If they did this over 500 times, clearly this was not an accident. It was a hack.

The third party vendor should have been arrested along with his three employees to be prosecuted for facilitating a national security breach of a major company.

AT & T should be fined for allowing the sensitive information to be available to a third party vendor in the first place. They should also be required to revamp their security measures, put more safeguards in place as to WHO has access to certain information on customer records, and learn how to report in a more timely manner.

AT & T's Solution

AT & T is offering California customers one year of free credit monitoring with access to credit report through CSID Company. (Glad it is not Experian, who got hacked in March 2014!)

AT & T claims they already paid for the service, you just have to notify them you want to enroll by calling 877-274-5554.

They sent letters out to the affected customers, but if you are like me when you get dozens of privacy notices in the mail every month, I chuck them. This one affected me because I had a residence in California up until three weeks ago. (June 1, 2014)

I wonder....

What of all the other California customers who moved just like I did and took their phone carrier with them? What of all the parents who bought cellphones for their college kids who attend college in another state and signed up to use AT & T as a carrier?

These are still California customers and even though the phone is no longer in California, the service is still through that branch of AT & T.

AT & T also suggests that you contact the major credit reporting agencies and put a fraud alert on your credit report account and ask them what other tools they have to put in place to help protect you because of the breach.

With AT & T, if you don't already have a passcode on your account, do it.

If you do have one, change it.

A passcode is a special number or word that all representatives must ask you (or any caller) to provide in order to proceed talking to you online, in a store or on the phone. You can change your passcode anytime and as many times as you wish at

Poll for California Residents Only

As a California AT & T customer, were you aware that this breach occurred?

See results

Do Not Copy, Please Use Share Buttons On The Right

© Rachael O'Halloran, July 1, 2014


Submit a Comment
  • RachaelOhalloran profile imageAUTHOR

    Rachael O'Halloran 

    5 years ago from United States


    I bank online too and cringed on Monday. I signed in and saw a really low balance. I thought for sure I've been hacked. Then I remember, I just paid the bills. If they hack me, they are going to be as poor as I am. lol

    Thanks for reading and commenting.

  • ologsinquito profile image


    5 years ago from USA

    I don't know much about Internet and mobile security, but I'm kind of surprised there are not more breaches. I do online banking, and it amazes me that my account, and everyone else's, has not been hacked into. It doesn't strike me as the most secure way to bank, but it's certainly convenient.

  • RachaelOhalloran profile imageAUTHOR

    Rachael O'Halloran 

    5 years ago from United States


    Thank you :)

  • FlourishAnyway profile image


    5 years ago from USA

    It's good to know that Rachael is on the case reporting this.

  • vkwok profile image

    Victor W. Kwok 

    5 years ago from Hawaii

    Good thing my cousin with AT&T doesn't live in California. It's a serious issue with cell phone company workers violating our privacy. Voted up!

  • RachaelOhalloran profile imageAUTHOR

    Rachael O'Halloran 

    5 years ago from United States


    Thank you for reading and commenting :)

  • DDE profile image

    Devika Primić 

    5 years ago from Dubrovnik, Croatia

    Informative and a very helpful hub.

  • RachaelOhalloran profile imageAUTHOR

    Rachael O'Halloran 

    5 years ago from United States


    I agree. Holding back and not letting the public know is a terrible disservice to us. Companies were supposed to be safeguarding our data when we provided it for their use ... not for the use of the whole world. Companies will never get a handle on this and this is one case where, unfortunately, the bad guys will always win.

    Thanks for reading, commenting and voting :)

  • breakfastpop profile image


    5 years ago

    Let's face it. Our personal information is available and vulnerable. It is almost impossible to keep ahead of the hackers. Companies that are targeted must be more forthcoming about such events. Otherwise they are as bad as the hackers. Up and useful.

  • RachaelOhalloran profile imageAUTHOR

    Rachael O'Halloran 

    5 years ago from United States


    I have been with AT & T since the mid1990s too and never had a problem with them either. But this breach affected me only because I was living in California during the breach, have AT &T thru CA and now in VA, but must watch our credit report and other accounts for suspicious behavior. It's just what I need on top of everything else on my plate. So far, so good, nothing noteworthy. They should be fined big time for this because it was preventable. I also hope they learned from this.

    Thanks for reading and commenting :)

  • bravewarrior profile image

    Shauna L Bowling 

    5 years ago from Central Florida

    Rachael, I've been with ATT forever - since 1999 I think. Fortunately, I've never had a problem with them. In fact, I find their customer service to be better than outstanding. Hopefully they learned from the California incident and will implement stricter SOP.


This website uses cookies

As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

Show Details
HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
LoginThis is necessary to sign in to the HubPages Service.
Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
AkismetThis is used to detect comment spam. (Privacy Policy)
HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
MavenThis supports the Maven widget and search functionality. (Privacy Policy)
Google AdSenseThis is an ad network. (Privacy Policy)
Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
Index ExchangeThis is an ad network. (Privacy Policy)
SovrnThis is an ad network. (Privacy Policy)
Facebook AdsThis is an ad network. (Privacy Policy)
Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
AppNexusThis is an ad network. (Privacy Policy)
OpenxThis is an ad network. (Privacy Policy)
Rubicon ProjectThis is an ad network. (Privacy Policy)
TripleLiftThis is an ad network. (Privacy Policy)
Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
ClickscoThis is a data management platform studying reader behavior (Privacy Policy)