Rachael O'Halloran's Hack Report: AT & T Phone Company
Published on July 1, 2014
by Rachael O'Halloran
Feel free to SHARE this article using the SHARE buttons on the right side of your screen.
If you want to email your friends the link to this article, please use this one:
AT & T was hacked in April 2014
AT & T Security Breach
Dates of Breach: Between April 9 and April 21, 2014.
Affected Parties: California Customers Only.
Date of Report: June 12, 2014
AT & T's Statement
In June 2014, AT & T Mobility released this statement:
"Three employees of one of our service providers violated our strict privacy and security guidelines by accessing your account without authorization. The employees accessed your social security number and date of birth in an effort to request codes from AT&T than are used to unlock AT&T mobile phones in the secondary mobile phone market.”
They consider two breaches in April "recently" yet they waited two months to report it on June 12, 2014.
They didn't say how many customers were affected, but it must have been bigger than a bread box, but smaller than the state of California because California law states that companies must disclose and report an incident of security or data breach when it affects at least 500 customers.
Cellphones are equipped with a software lock that keeps them from being used on competitor carriers, if you should quit the plan with your cellphone carrier.
However, if you want to change carriers at the end of your contract to take your phone with you to another carrier, all customers can request an "unlock code."
However, these "hackers" - which is what they are - didn't do that. They attempted to gain access to unlock codes for quite a number of phones between April 9 and April 21, 2014. The video below explains it better.
Any phones that were unlocked during this breach have a potentially high black market value on any wireless carrier or network around the world, as well as on the second hand market.
AT & T Breach Details
What Should The Penalty Be?
The day after the breach, AT & T said they believes "the breach was a means for the employees to spoof customer identities in order to unlock phones."
It seems that AT & T allows their vendors and employees unlimited access to its data so no wonder they had a data breach. How convenient to blame a vendor but still not address how they were able to access the information in the first place.
AT & T should have been fined for allowing unauthorized access to sensitive records by a third party vendor and whatever security they have in place should be re-address and/or changed.
It is not fair to us, the consumer, that all these companies do not safeguard our personal information sufficiently either by hackers, their own employees or third party vendors to whom they outsource.
The fact that they accessed the social security number, call log and date of birth of an "unknown" number of customers - presumably more than 500 people, per California state law - just to get unlock codes is absolutely ridiculous.
An unlock code is indigenous to one phone. You get the code, it unlocks the phone from that carrier/network, so the phone can be used on another carrier/network. If they did this over 500 times, clearly this was not an accident. It was a hack.
The third party vendor should have been arrested along with his three employees to be prosecuted for facilitating a national security breach of a major company.
AT & T should be fined for allowing the sensitive information to be available to a third party vendor in the first place. They should also be required to revamp their security measures, put more safeguards in place as to WHO has access to certain information on customer records, and learn how to report in a more timely manner.
Multi-functional mobile phone Holder /
AT & T's Solution
AT & T is offering California customers one year of free credit monitoring with access to credit report through CSID Company. (Glad it is not Experian, who got hacked in March 2014!)
AT & T claims they already paid for the service, you just have to notify them you want to enroll by calling 877-274-5554.
They sent letters out to the affected customers, but if you are like me when you get dozens of privacy notices in the mail every month, I chuck them. This one affected me because I had a residence in California up until three weeks ago. (June 1, 2014)
What of all the other California customers who moved just like I did and took their phone carrier with them? What of all the parents who bought cellphones for their college kids who attend college in another state and signed up to use AT & T as a carrier?
These are still California customers and even though the phone is no longer in California, the service is still through that branch of AT & T.
AT & T also suggests that you contact the major credit reporting agencies and put a fraud alert on your credit report account and ask them what other tools they have to put in place to help protect you because of the breach.
With AT & T, if you don't already have a passcode on your account, do it.
If you do have one, change it.
A passcode is a special number or word that all representatives must ask you (or any caller) to provide in order to proceed talking to you online, in a store or on the phone. You can change your passcode anytime and as many times as you wish at att.com.
Poll for California Residents Only
As a California AT & T customer, were you aware that this breach occurred?
Do Not Copy, Please Use Share Buttons On The Right
© Rachael O'Halloran, July 1, 2014