AT&T has disclosed a security breach in its customers' personal accounts that was carried out by its own employees in April.
AT&T, the second largest wireless carrier in the US, is reporting a security breach in its system that has compromised hundreds of customers' personal information such as Social Security numbers and birth dates. The breach, which occurred between April 9 and April 21, 2014, was an inside job of the service provider. While the carrier has not revealed the number of customers affected in the security breach, media reports estimate the number to be more than 500 people.
As the California law requires companies to notify the customers of any loss of user data as a result of a malicious attack, AT&T dispatched emails stating the duration of the attack and apologizing for the mishap. As a way to make up to its upset customers, AT&T is also offering a year of free credit monitoring.
"We have taken steps to help prevent this from happening again," the company said in a statement to The Washington Post. "We are notifying affected customers, and we have reported this matter to law enforcement."
The carrier found it surprising that the hackers' intentions were not to steal customers' credit card numbers or carry out fraudulent transactions. In fact, AT&T said they wanted to pretend to be AT&T customers so they could request unlock codes for locked handsets on the network.
"AT&T believes the employees [from an outside service vendor] accessed your account as part of an effort to request codes from AT&T that are used to 'unlock' AT&T mobile phones in the secondary mobile market," AT&T wrote in its letter to consumers affected by the breach.
By unlocking a mobile phone that is tied to a wireless carrier makes it valuable in the secondary market and also allows customers to switch carriers without paying hefty ETFs. As every carrier ties a standard two-year contract when purchasing a new smartphone with minimal upfront cash, any time a customer wishes to choose a different carrier during the contract term, they are subjected to early termination fees.
However, with new trends in the US wireless industry and the growing competition among carriers, the contract based system has become almost obsolete. Smaller carriers such as T-Mobile challenged the bigger players to stop binding customers to contracts by offering phones at reasonable payment options without contracts. To beef up the efforts, carriers also offer to cover any ETFs at the time of making a switch. With the rising competition, the end user is receiving the maximum benefits.