According to AT&T, a number of their wireless customers were affected by a security breach. Users had their accounts broken into, revealing highly sensitive personal information including and not limited to Social Security numbers and dates of birth.
AT&T didn’t publicly state how many customers have been affected by this breach. However, a good indication has been given though not through the company. California law requires that a company notifies all customers of a malicious security breach if the attack affected over 500 people. This guarantees that at least 500 people were affected by this attack if not more.
AT&T as a result have sent letters to their customers. This letter states that the breach occurred between April 9 and April 21. In apology, the company is offering a year of free credit monitoring. AT&T publicly stated “We have taken steps to help prevent this from happening again. We are notifying affected customers, and we have reported this matter to law enforcement.”
Popular restaurant P.F. Chang’s has also stated that the credit and debit card data of customers in their chain have also been stolen. P.F. Chang’s became aware of this breach through the US Secret Service on Tuesday. The agency is now investigating alongside the company. While they are making process, it is still unknown how many customers were attacked or which restaurants are affected.
It’s been established that the attackers were attempting to steal credit card information from P.F. Chang’s. This is quite typical in this kind of attack. With AT&T however, it appears as though the attackers were attempting to steal personal information from customers for fraud purposes. Specifically, to unlock old and used handsets.
This was stated in the letter AT&T sent to their customers. It read, “AT&T believes the employees accessed your account as part of an effort to request codes from AT&T that are used to ‘unlock’ AT&T mobile phones in the secondary mobile market.”
Typically, telephone service providers lock their devices to their service. Devices can be unlocked, but they are under heavy restrictions.