ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Hack Report: AT & T Phone Company

Updated on February 6, 2020

AT & T was hacked in April 2014

Source

AT & T Security Breach

Dates of Breach: Between April 9 and April 21, 2014.

Affected Parties: California Customers Only.

Date of Report: June 12, 2014

AT & T's Statement

In June 2014, AT & T Mobility released this statement:

"Three employees of one of our service providers violated our strict privacy and security guidelines by accessing your account without authorization. The employees accessed your social security number and date of birth in an effort to request codes from AT&T than are used to unlock AT&T mobile phones in the secondary mobile phone market.”

They consider two breaches in April "recently" yet they waited two months to report it on June 12, 2014.

They didn't say how many customers were affected, but it must have been bigger than a bread box, but smaller than the state of California because California law states that companies must disclose and report an incident of security or data breach when it affects at least 500 customers.

~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*

Unlock Codes

Cellphones are equipped with a software lock that keeps them from being used on competitor carriers, if you should quit the plan with your cellphone carrier.

However, if you want to change carriers at the end of your contract to take your phone with you to another carrier, all customers can request an "unlock code."

However, these "hackers" - which is what they are - didn't do that. They attempted to gain access to unlock codes for quite a number of phones between April 9 and April 21, 2014. The video below explains it better.

Any phones that were unlocked during this breach have a potentially high black market value on any wireless carrier or network around the world, as well as on the second hand market.

~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*

AT & T Breach Details

LG G2, Black 32GB (Verizon Wireless)

What Should The Penalty Be?

The day after the breach, AT & T said they believes "the breach was a means for the employees to spoof customer identities in order to unlock phones."

It seems that AT & T allows their vendors and employees unlimited access to its data so no wonder they had a data breach. How convenient to blame a vendor but still not address how they were able to access the information in the first place.

AT & T should have been fined for allowing unauthorized access to sensitive records by a third party vendor and whatever security they have in place should be re-address and/or changed.

It is not fair to us, the consumer, that all these companies do not safeguard our personal information sufficiently either by hackers, their own employees or third party vendors to whom they outsource.

The fact that they accessed the social security number, call log and date of birth of an "unknown" number of customers - presumably more than 500 people, per California state law - just to get unlock codes is absolutely ridiculous.

An unlock code is indigenous to one phone. You get the code, it unlocks the phone from that carrier/network, so the phone can be used on another carrier/network. If they did this over 500 times, clearly this was not an accident. It was a hack.

The third party vendor should have been arrested along with his three employees to be prosecuted for facilitating a national security breach of a major company.

AT & T should be fined for allowing the sensitive information to be available to a third party vendor in the first place. They should also be required to revamp their security measures, put more safeguards in place as to WHO has access to certain information on customer records, and learn how to report in a more timely manner.

AT & T's Solution

AT & T is offering California customers one year of free credit monitoring with access to credit report through CSID Company. (Glad it is not Experian, who got hacked in March 2014!)

AT & T claims they already paid for the service, you just have to notify them you want to enroll by calling 877-274-5554.

They sent letters out to the affected customers, but if you are like me when you get dozens of privacy notices in the mail every month, I chuck them. This one affected me because I had a residence in California up until three weeks ago. (June 1, 2014)

I wonder....

What of all the other California customers who moved just like I did and took their phone carrier with them? What of all the parents who bought cellphones for their college kids who attend college in another state and signed up to use AT & T as a carrier?

These are still California customers and even though the phone is no longer in California, the service is still through that branch of AT & T.

AT & T also suggests that you contact the major credit reporting agencies and put a fraud alert on your credit report account and ask them what other tools they have to put in place to help protect you because of the breach.

With AT & T, if you don't already have a passcode on your account, do it.

If you do have one, change it.

A passcode is a special number or word that all representatives must ask you (or any caller) to provide in order to proceed talking to you online, in a store or on the phone. You can change your passcode anytime and as many times as you wish at att.com.

Poll for California Residents Only

As a California AT & T customer, were you aware that this breach occurred?

See results
working

This website uses cookies

As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://corp.maven.io/privacy-policy

Show Details
Necessary
HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
LoginThis is necessary to sign in to the HubPages Service.
Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
AkismetThis is used to detect comment spam. (Privacy Policy)
HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
Features
Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
MavenThis supports the Maven widget and search functionality. (Privacy Policy)
Marketing
Google AdSenseThis is an ad network. (Privacy Policy)
Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
Index ExchangeThis is an ad network. (Privacy Policy)
SovrnThis is an ad network. (Privacy Policy)
Facebook AdsThis is an ad network. (Privacy Policy)
Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
AppNexusThis is an ad network. (Privacy Policy)
OpenxThis is an ad network. (Privacy Policy)
Rubicon ProjectThis is an ad network. (Privacy Policy)
TripleLiftThis is an ad network. (Privacy Policy)
Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
Statistics
Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
ClickscoThis is a data management platform studying reader behavior (Privacy Policy)