AT&T Was Hacked In April And Some Customers Had Their Social Security Numbers Stolen
AT&T did not say how many accounts were affected in the two-week breach, although California law requires companies publicly disclose any data breaches that affect more than 500 people.
AT&T also didn't say why it took two months to announce what had happened. We've reached out to the company for further comment.
AT&T disclosed the breach in a filing to the California Attorney General's office, but also reportedly "snail-mailed" letters to every customer affected by the breach. AT&T told those customers to change the passwords affected with their accounts, but said it would offer one year of free credit monitoring services for those same customers in case their personal information is used to make unauthorized charges.
Mark Siegel, AT&T's executive director for media relations, also emailed the following statement to Re/code on Friday:
We recently learned that three employees of one of our vendors accessed some AT&T customer accounts without proper authorization. This is completely counter to the way we require our vendors to conduct business. We know our customers count on us and those who support our business to act with integrity and trust, and we take that very seriously. We have taken steps to help prevent this from happening again, notified affected customers, and reported this matter to law enforcement.