ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Rachael O'Halloran's Hack Report: AT & T Phone Company

Updated on July 1, 2014

Published on July 1, 2014

by Rachael O'Halloran

Feel free to SHARE this article using the SHARE buttons on the right side of your screen.

If you want to email your friends the link to this article, please use this one:

http://rachaelohalloran.hubpages.com/hub/Rachael-OHallorans-Hack-Report-AT-T-Phone-Company

AT & T was hacked in April 2014

Source

AT & T Security Breach

Dates of Breach: Between April 9 and April 21, 2014.

Affected Parties: California Customers Only.

Date of Report: June 12, 2014

AT & T's Statement

In June 2014, AT & T Mobility released this statement:

"Three employees of one of our service providers violated our strict privacy and security guidelines by accessing your account without authorization. The employees accessed your social security number and date of birth in an effort to request codes from AT&T than are used to unlock AT&T mobile phones in the secondary mobile phone market.”

They consider two breaches in April "recently" yet they waited two months to report it on June 12, 2014.

They didn't say how many customers were affected, but it must have been bigger than a bread box, but smaller than the state of California because California law states that companies must disclose and report an incident of security or data breach when it affects at least 500 customers.

~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*

Unlock Codes

Cellphones are equipped with a software lock that keeps them from being used on competitor carriers, if you should quit the plan with your cellphone carrier.

However, if you want to change carriers at the end of your contract to take your phone with you to another carrier, all customers can request an "unlock code."

However, these "hackers" - which is what they are - didn't do that. They attempted to gain access to unlock codes for quite a number of phones between April 9 and April 21, 2014. The video below explains it better.

Any phones that were unlocked during this breach have a potentially high black market value on any wireless carrier or network around the world, as well as on the second hand market.

~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*

AT & T Breach Details

What Should The Penalty Be?

The day after the breach, AT & T said they believes "the breach was a means for the employees to spoof customer identities in order to unlock phones."

It seems that AT & T allows their vendors and employees unlimited access to its data so no wonder they had a data breach. How convenient to blame a vendor but still not address how they were able to access the information in the first place.

AT & T should have been fined for allowing unauthorized access to sensitive records by a third party vendor and whatever security they have in place should be re-address and/or changed.

It is not fair to us, the consumer, that all these companies do not safeguard our personal information sufficiently either by hackers, their own employees or third party vendors to whom they outsource.

The fact that they accessed the social security number, call log and date of birth of an "unknown" number of customers - presumably more than 500 people, per California state law - just to get unlock codes is absolutely ridiculous.

An unlock code is indigenous to one phone. You get the code, it unlocks the phone from that carrier/network, so the phone can be used on another carrier/network. If they did this over 500 times, clearly this was not an accident. It was a hack.

The third party vendor should have been arrested along with his three employees to be prosecuted for facilitating a national security breach of a major company.

AT & T should be fined for allowing the sensitive information to be available to a third party vendor in the first place. They should also be required to revamp their security measures, put more safeguards in place as to WHO has access to certain information on customer records, and learn how to report in a more timely manner.

AT & T's Solution

AT & T is offering California customers one year of free credit monitoring with access to credit report through CSID Company. (Glad it is not Experian, who got hacked in March 2014!)

AT & T claims they already paid for the service, you just have to notify them you want to enroll by calling 877-274-5554.

They sent letters out to the affected customers, but if you are like me when you get dozens of privacy notices in the mail every month, I chuck them. This one affected me because I had a residence in California up until three weeks ago. (June 1, 2014)

I wonder....

What of all the other California customers who moved just like I did and took their phone carrier with them? What of all the parents who bought cellphones for their college kids who attend college in another state and signed up to use AT & T as a carrier?

These are still California customers and even though the phone is no longer in California, the service is still through that branch of AT & T.

AT & T also suggests that you contact the major credit reporting agencies and put a fraud alert on your credit report account and ask them what other tools they have to put in place to help protect you because of the breach.

With AT & T, if you don't already have a passcode on your account, do it.

If you do have one, change it.

A passcode is a special number or word that all representatives must ask you (or any caller) to provide in order to proceed talking to you online, in a store or on the phone. You can change your passcode anytime and as many times as you wish at att.com.

Poll for California Residents Only

As a California AT & T customer, were you aware that this breach occurred?

See results

Do Not Copy, Please Use Share Buttons On The Right

© Rachael O'Halloran, July 1, 2014

Comments

Submit a Comment

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #ologsinquito

    I bank online too and cringed on Monday. I signed in and saw a really low balance. I thought for sure I've been hacked. Then I remember, I just paid the bills. If they hack me, they are going to be as poor as I am. lol

    Thanks for reading and commenting.

  • ologsinquito profile image

    ologsinquito 3 years ago from USA

    I don't know much about Internet and mobile security, but I'm kind of surprised there are not more breaches. I do online banking, and it amazes me that my account, and everyone else's, has not been hacked into. It doesn't strike me as the most secure way to bank, but it's certainly convenient.

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #FlourishAnyway

    Thank you :)

  • FlourishAnyway profile image

    FlourishAnyway 3 years ago from USA

    It's good to know that Rachael is on the case reporting this.

  • vkwok profile image

    Victor W. Kwok 3 years ago from Hawaii

    Good thing my cousin with AT&T doesn't live in California. It's a serious issue with cell phone company workers violating our privacy. Voted up!

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #DDE

    Thank you for reading and commenting :)

  • DDE profile image

    Devika Primić 3 years ago from Dubrovnik, Croatia

    Informative and a very helpful hub.

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #breakfastpop

    I agree. Holding back and not letting the public know is a terrible disservice to us. Companies were supposed to be safeguarding our data when we provided it for their use ... not for the use of the whole world. Companies will never get a handle on this and this is one case where, unfortunately, the bad guys will always win.

    Thanks for reading, commenting and voting :)

  • breakfastpop profile image

    breakfastpop 3 years ago

    Let's face it. Our personal information is available and vulnerable. It is almost impossible to keep ahead of the hackers. Companies that are targeted must be more forthcoming about such events. Otherwise they are as bad as the hackers. Up and useful.

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #bravewarrior

    I have been with AT & T since the mid1990s too and never had a problem with them either. But this breach affected me only because I was living in California during the breach, have AT &T thru CA and now in VA, but must watch our credit report and other accounts for suspicious behavior. It's just what I need on top of everything else on my plate. So far, so good, nothing noteworthy. They should be fined big time for this because it was preventable. I also hope they learned from this.

    Thanks for reading and commenting :)

  • bravewarrior profile image

    Shauna L Bowling 3 years ago from Central Florida

    Rachael, I've been with ATT forever - since 1999 I think. Fortunately, I've never had a problem with them. In fact, I find their customer service to be better than outstanding. Hopefully they learned from the California incident and will implement stricter SOP.