AT&T Says Customer Data Accessed To Unlock Smartphones

itwbennett writes: Personal information, including Social Security numbers and call records, was accessed for an unknown number of AT&T Mobility customers by people outside of the company, AT&T has confirmed. The breach took place between April 9-21, but was only disclosed this week in a filing with California regulators. While AT&T wouldn't say how many customers were affected, state law requires such disclosures if an incident affects at least 500 customers in California.

Hmmm ...

[gstoddart]

"We recently learned that three employees of one of our vendors accessed some AT&T customer accounts without proper authorization," the company said in a statement.

"This is completely counter to the way we require our vendors to conduct business."

So, if this is completely counter to how you require it, and they didn't have authorization ... why the hell is it set up so they can access it without proper authorization???

If the access is set up to say "do you promise to not log in when you're not supposed to?" then the system is pretty much useless.

Re:Not doing it right

[Anonymous Coward]

Car dealers are required by federal law to keep records of all transactions for a period of 10 years, including the purchaser's SSN and other identifying information. It's an anti-terrorism thing.