Slashdot Mirror

← Back to Stories (view on slashdot.org)

AT&T Says Customer Data Accessed To Unlock Smartphones

Posted by Soulskill on from the another-day-another-breach dept.

itwbennett writes: Personal information, including Social Security numbers and call records, was accessed for an unknown number of AT&T Mobility customers by people outside of the company, AT&T has confirmed. The breach took place between April 9-21, but was only disclosed this week in a filing with California regulators. While AT&T wouldn't say how many customers were affected, state law requires such disclosures if an incident affects at least 500 customers in California.

12 of 65 comments (clear)

  1. Not doing it right by sinij · · Score: 4, Insightful

    Why would anyone give SSN to AT&T? Do they also process your taxes? If not, they have no place asking or retaining this information.

    1. Re:Not doing it right by wbr1 · · Score: 2

      Even though it is not recommended, many, many organizations use the SSN as a unique identifier. See http://consumersunion.org/news...

      --
      Silence is a state of mime.
    2. Re:Not doing it right by rsmith-mac · · Score: 5, Informative

      Credit checks for post-paid accounts.

    3. Re:Not doing it right by Virtucon · · Score: 5, Insightful

      Yeah everybody want's your SSN and here's the trick folks, don't give it to them unless you absolutely have to. I'm finding it harder and harder these days to start to trust any companies with sensitive information like this. What's needed is an abstract number like a disposable e-mail address to start protecting our anonymity. Once it's used to verify if the customer is "sponge-worthy" it disappears and the requester can't use it again.

      I recently bought a new car at the same dealership where I'd previously purchased another one, about 5 years ago, and when going through all the paperwork found that they had my SSN and other financial data on file from the last time from that transaction. Needless to say I went ballistic and asked a few WTF questions of the management. They agreed that after the transaction was concluded that those details would be erased. I've since filed a complaint with the state attorney general, the state consumer affairs and the feds because none of this was disclosed 5 years ago and I don't know who has seen this data or my SSN.

      --
      Harrison's Postulate - "For every action there is an equal and opposite criticism"
    4. Re:Not doing it right by sinij · · Score: 4, Insightful

      >>> Anyone that refuses to provide a valid SSN is rejected from our services. Your business is clearly contributing to the problem and should be held full liable for any damage resulting from the data breach that you will inevitably experience at some point.

      As to database designers that don't self generate uidis and instead use SSN...

      Still, there are ways around such obnoxious requests. my SSN is 123-4-5678.

    5. Re: Not doing it right by jd2112 · · Score: 3, Insightful

      Because we all knew terrorists wait up to 10 years after legally purchasing a vehicle before using it in an attack, right?

      --
      Any insufficiently advanced magic is indistinguishable from technology.
    6. Re:Not doing it right by mstockman · · Score: 2

      Why would anyone give SSN to AT&T? Do they also process your taxes? If not, they have no place asking or retaining this information.

      When I first got my iPhone, the Apple Store reps could not figure out how (or wouldn't admit to knowing how) to sell an AT&T contract without a social security number. They sent me down the way to the AT&T store who also couldn't figure it out without calling in to a customer service line and escalating to a supervisor. It took over two hours to buy the damn phone without a SS#, but would have been five minutes if I had given it up. Eventually, they admitted that they have a placeholder number they can use instead of the SS# and we completed the transaction.

      Granted, this was a few years ago, but I don't see why they'd be any more cooperative today.

      So that's why people give it to them. Is it required? No. Do people have several hours to waste and the stubbornness to jump through the hoops? Not usually.

    7. Re:Not doing it right by sinij · · Score: 2

      Human irrationality.

      Would you give AT&T signed blank check if they promised they would keep it for you "for security purposes"? Most people would hesitate to do so, but having one of your checks compromised is a lot less damaging that having your identity stolen via SSN compromise.

    8. Re:Not doing it right by Anonymous Coward · · Score: 2, Informative

      Strange, I never gave my SSN to the dealer of the last car I bought. Unless they want to a credit check, they have no reason to have your SSN. Often times they run that credit check without your explicit knowledge. They claim they have to or it is policy or they "do that for everyone" because the government requires it. That is a LIE.

  2. Hmmm ... by gstoddart · · Score: 5, Interesting

    "We recently learned that three employees of one of our vendors accessed some AT&T customer accounts without proper authorization," the company said in a statement.

    "This is completely counter to the way we require our vendors to conduct business."

    So, if this is completely counter to how you require it, and they didn't have authorization ... why the hell is it set up so they can access it without proper authorization???

    If the access is set up to say "do you promise to not log in when you're not supposed to?" then the system is pretty much useless.

    --
    Lost at C:>. Found at C.
  3. Re:Meh... by gstoddart · · Score: 2

    This happens a lot, and you don't necessarily need to know about it.

    Unless there's a law requiring it. In this case, there was.

    Me, I think corporations should be required to tell people about such breaches.

    Because then maybe they'd learn to stop the breaches instead of pretending they never happened.

    --
    Lost at C:>. Found at C.
  4. Re:That's only an excuse. by scottbomb · · Score: 2

    Without an SSN you need a DOB. At least that's the case for all the credit checks I've run at mutliple companies over the past 20 years.