According to PhoneScoop, AT&T is now confirming that a data breach occured between April 9 and April 21. AT&T will not confirm how many customers were affected but did say that those who whose information was breached had received emails alerting them. The breach involved a third-party contractor who ‘violated security protocols and accessed customer data.”
Some of the data taken included Social Security numbers and call records.
“We recently learned that three employees of one of our vendors accessed some AT&T customer accounts without proper authorization. This is completely counter to the way we require our vendors to conduct business. We know our customers count on us and those who support our business to act with integrity and trust, and we take that very seriously. We have taken steps to help prevent this from happening again, and we have reported this matter to law enforcement.” - AT&T Letter
It is believed that the breach was done as a way of spoofing customer identities in order to unlock phones.