Last week, AT&T revealed that personal customer data was exposed in a breach that occurred thanks to a service that unlocks phones for its customers. Now, the carrier is sending out letters to its customers confirming the hack — in a document posted to the state of California's site, AT&T notes that one of its service providers "violated our strict privacy and security guidelines by accessing your account without authorization." The breach took place between April 9th and 21st, and at that time the unnamed service provider was able to see customer social security numbers.
As is commonplace with security breaches like this (which are becoming more and more common), AT&T will be offering its customers one year of free credit monitoring to help mitigate any fraudulent activity or potential identity theft. The letter also reveals that AT&T is working with law enforcement to investigate the breach, another common activity after such information is released. We still don't know exactly how many accounts were accessed — but as noted when the breach first came to light, California law dictates that companies notify customers when they suffer from data breaches affecting more than 500 people.